RFR: 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello
Daniel Fuchs
dfuchs at openjdk.org
Mon Dec 15 17:46:23 UTC 2025
The first byte of a SSL ClientHello handshake record is 0x16 (22).
If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
-------------
Commit messages:
- fix whitespace
- fix copyright year in test
- add bug id to test
- 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello
Changes: https://git.openjdk.org/jdk/pull/28827/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8373677
Stats: 207 lines in 3 files changed: 205 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/28827.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/28827/head:pull/28827
PR: https://git.openjdk.org/jdk/pull/28827
More information about the net-dev
mailing list