RFR: 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello [v2]
Daniel Fuchs
dfuchs at openjdk.org
Mon Dec 15 17:52:56 UTC 2025
> The first byte of a SSL ClientHello handshake record is 0x16 (22).
> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>
> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
minor test fix - unused import + obsolete comment
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/28827/files
- new: https://git.openjdk.org/jdk/pull/28827/files/d6d11c8c..d7c25539
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=28827&range=00-01
Stats: 3 lines in 1 file changed: 1 ins; 1 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/28827.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/28827/head:pull/28827
PR: https://git.openjdk.org/jdk/pull/28827
More information about the net-dev
mailing list