SNMP TLS cache clear for closed connections

Hi Frank,
Is it possible to give this particular fix as patch in 2.8.x until it is published. We are using TLS communication and this is actually causing issues and it would be of great help if patch is received.

Thanks,
Anjali

Hi Frank,
Happy new year! Back to work with a kickstart :smiley:

Is the fix available in any 2.8.x versions? I could see 2.8.8 snapshot last updated on 13th December. Does the latest snapshot contain this fix?

Thanks,
Anjali

Hi Anjali,

The 2.8.8 snapshot from 2021-12-12T23:00:00Z contains the following fix:

  • Fixed: Possible write key loop in TLSTM caused when NEED_TASK is returned by wrap on writing message.

Thus, not all TLS related fixes from 3.x have been back ported yet. This will take at least until end of next week.

Best regards,
Frank

Thanks, Frank.
We greatly appreciate your help. Hope we will have all TLS fixes backported soon as we are awaitng for it’s delivery :slight_smile:

On other lines, Sorry, as I need clarification. TLS connection closure issue fix which is part of this thread is not included as I understand.

Thanks,
Anjali

Hi @AGENTPP
We took 2.8.8 jar from maven repo and final snapshot of snmp4j 2.8.8 downloaded from forum https://snmp.app/dist/snapshot/org/snmp4j/snmp4j/2.8.8-SNAPSHOT/snmp4j-2.8.8-20220118.214847-8.jar, our test revealed that fix is not working/ present. Where as the 2.8.9 snapshot
snmp4j-2.8.9-20220218.004850-3.jar
has the fix.
Can you confirm the behaviour in 2.8.8 please.

Thanks for the support.

Which fix do you mean?
(BTW, what is the purpose of this question?)

This topic was raised because RECV TLSv1.2 ALERT sent from client was not perceived as connection closure from remote and cached session was not deleted. As part of fix shared in 3.6.3-20211203.001919-7-distribution.tar.gz snapshot, we confirmed, it is handled as expected.

We had requested to backport this fix to 2.8.8 but we see it doesn’t handle RECV TLSv1.2 ALERT: as connection closure where as 2.8.9 latest snapshot is working as expected.

So, confirming if we should take 2.8.9 for this fix. :slight_smile:

Yes that is true. 2.8.9 will fix that.