diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/nio/SSLDriver.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/nio/SSLDriver.java index a44d39a0d7a56..c143978468dfd 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/nio/SSLDriver.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/nio/SSLDriver.java @@ -113,7 +113,13 @@ public ByteBuffer getNetworkReadBuffer() { } public void read(InboundChannelBuffer buffer) throws SSLException { - currentMode.read(buffer); + Mode modePriorToRead; + do { + modePriorToRead = currentMode; + currentMode.read(buffer); + // If we switched modes we want to read again as there might be unhandled bytes that need to be + // handled by the new mode. + } while (modePriorToRead != currentMode); } public boolean readyForApplicationWrites() { @@ -365,8 +371,9 @@ public void read(InboundChannelBuffer buffer) throws SSLException { try { SSLEngineResult result = unwrap(buffer); handshakeStatus = result.getHandshakeStatus(); - continueUnwrap = result.bytesConsumed() > 0; handshake(); + // If we are done handshaking we should exit the handshake read + continueUnwrap = result.bytesConsumed() > 0 && currentMode.isHandshake(); } catch (SSLException e) { closingInternal(); throw e;