From 722c7185a6b3b288dbdb2ef237a5adcd4693d0ac Mon Sep 17 00:00:00 2001
From: Ruby Martin <ruby@wolfssl.com>
Date: Wed, 9 Jul 2025 08:48:07 -0600
Subject: [PATCH 1/2] catch IllegalStateException on getMaxOutputSize() and
 check for cached value

---
 .../jsse/WolfSSLImplementSSLSession.java      | 30 +++++++++++++------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
index 6333d403..b8cf24ff 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@@ -804,17 +804,29 @@ public synchronized int getPacketBufferSize() {
 
         /* Try to get maximum TLS record size from native wolfSSL */
         if (ssl != null) {
-            nativeMax = ssl.getMaxOutputSize();
-            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                () -> "ssl.getMaxOutputSize() returned: " + nativeMax);
-
-            if ((nativeMax > 0) && (nativeMax > ret)) {
-                ret = nativeMax;
+            try {
+                nativeMax = ssl.getMaxOutputSize();
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "ssl.getMaxOutputSize() returned: " + nativeMax);
+                if ((nativeMax > 0) && (nativeMax > ret)) {
+                    ret = nativeMax;
+                }
+                if (ret > this.packetBufSz) {
+                    this.packetBufSz = ret;
+                }
+            } catch (IllegalStateException ex) {
+                Logger.getLogger(
+                    WolfSSLImplementSSLSession.class.getName()).log(
+                        Level.SEVERE, null, ex);
+                /* If ssl.getMaxOutputSize failed, check for cached value */
+                if (this.packetBufSz > ret) {
+                    ret = this.packetBufSz;
+                } else { 
+                    /* Cache ret if greater than or equal to packetBufSz */
+                    this.packetBufSz = ret;
+                }
             }
 
-            if (ret > this.packetBufSz) {
-                this.packetBufSz = ret;
-            }
         } else if (this.packetBufSz >= 0) {
             ret = this.packetBufSz;
         }

From f8472b76640f27a1e182b3ce7442feb882493021 Mon Sep 17 00:00:00 2001
From: Ruby Martin <ruby@wolfssl.com>
Date: Wed, 9 Jul 2025 12:06:21 -0600
Subject: [PATCH 2/2] Change Logger calls to WolfsslDebug

---
 .../jsse/WolfSSLImplementSSLSession.java      | 28 +++++++++----------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
index b8cf24ff..32c95ed6 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
@@ -520,9 +520,9 @@ public synchronized Certificate[] getPeerCertificates()
         try {
             x509 = this.ssl.getPeerCertificate();
         } catch (IllegalStateException | WolfSSLJNIException ex) {
-            Logger.getLogger(
-                    WolfSSLImplementSSLSession.class.getName()).log(
-                        Level.SEVERE, null, ex);
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "Error getting peer certificate: "
+                    + ex.getMessage());
             x509 = 0;
         }
 
@@ -636,9 +636,9 @@ public synchronized javax.security.cert.X509Certificate[] getPeerCertificateChai
 
         } catch (IllegalStateException | WolfSSLJNIException |
                 WolfSSLException ex) {
-            Logger.getLogger(
-                    WolfSSLImplementSSLSession.class.getName()).log(
-                        Level.SEVERE, null, ex);
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                () -> "Error getting peer certificate chain: "
+                + ex.getMessage());
         }
         return null;
     }
@@ -682,9 +682,8 @@ public synchronized Principal getPeerPrincipal()
 
         } catch (IllegalStateException | WolfSSLJNIException |
                 WolfSSLException ex) {
-            Logger.getLogger(
-                    WolfSSLImplementSSLSession.class.getName()).log(
-                        Level.SEVERE, null, ex);
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                () -> "Error getting peer principal: " + ex.getMessage());
         }
         return null;
     }
@@ -735,9 +734,8 @@ public synchronized String getCipherSuite() {
                 return currentCipher;
             }
         } catch (IllegalStateException | WolfSSLJNIException ex) {
-            Logger.getLogger(
-                WolfSSLImplementSSLSession.class.getName()).log(
-                    Level.SEVERE, null, ex);
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                () -> "Error getting cipher suite: " + ex.getMessage());
         }
 
         return this.cipherSuite;
@@ -815,9 +813,9 @@ public synchronized int getPacketBufferSize() {
                     this.packetBufSz = ret;
                 }
             } catch (IllegalStateException ex) {
-                Logger.getLogger(
-                    WolfSSLImplementSSLSession.class.getName()).log(
-                        Level.SEVERE, null, ex);
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "Error getting packet buffer size: "
+                    + ex.getMessage());
                 /* If ssl.getMaxOutputSize failed, check for cached value */
                 if (this.packetBufSz > ret) {
                     ret = this.packetBufSz;