Properly closing SSLSocket

Question

I want to implement an SSL proxy in Java. I basically open two sockets browser-proxy,proxy-server, and run two threads which would write to p

Answer 1

SSL semantics for closing connections are different than TCP, so that shutdownInput and shutdownOutput don't really make sense, at least at the level of control available in SSLSocket. The SSLSocket basically relieves you of the burden of SSL record processing and SSL handshake message processing. It also handles SSL alert processing, and one of these alerts is the close_notify alert. Here is the text from RFC 2246 on the meaning of this alert.

"...Either party may initiate a close by sending a close_notify alert.
   Any data received after a closure alert is ignored.

   Each party is required to send a close_notify alert before closing
   the write side of the connection. It is required that the other party
   respond with a close_notify alert of its own and close down the
   connection immediately, discarding any pending writes. It is not
   required for the initiator of the close to wait for the responding
   close_notify alert before closing the read side of the connection...."

Java does provide suicidalists with another API, the SSLEngine API. Don't touch it, it will hurt you.