# javax.net.ssl.SSLException: 在收到对等方的 close_notify 之前关闭入站

- **ID:** `java/ssl-exception-closed-ssl-socket`
- **领域:** java
- **类别:** protocol_error
- **验证级别:** ai_generated
- **修复率:** 85%

## 根因

SSL/TLS 连接在未交换正确的 close_notify 警报的情况下被客户端或服务器关闭，违反了 TLS 协议规范。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Java 8 | active | — | — |
| Java 11 | active | — | — |
| Java 17 | active | — | — |
| Java 21 | active | — | — |

## 解决方案

1. ```
   Add system property -Djdk.tls.acknowledgeCloseNotify=true to allow graceful handling of missing close_notify messages.
   ```
2. ```
   Ensure the server sends a proper close_notify alert before closing the socket. In Java, use SSLSocket.close() which automatically sends close_notify, not Socket.close().
   ```
3. ```
   Catch the SSLException in the client code and treat it as a normal connection termination without retrying.
   ```

## 无效尝试

- **Set javax.net.ssl.trustStore system property to a custom truststore** — This error is not related to truststore configuration; changing trust stores does not affect TLS close_notify handshake behavior. (90% 失败率)
- **Increase SSL socket timeout using setSoTimeout()** — Timeout settings do not control TLS shutdown behavior; the error occurs even with ample timeouts. (85% 失败率)
- **Disable SSL verification entirely with a custom TrustManager** — Disabling verification bypasses certificate checks but does not fix the protocol-level close_notify violation. (95% 失败率)