RFR: 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello [v2]
Daniel Jeliński
djelinski at openjdk.org
Tue Dec 16 17:20:45 UTC 2025
On Mon, 15 Dec 2025 17:52:56 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>>
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request incrementally with one additional commit since the last revision:
>
> minor test fix - unused import + obsolete comment
src/jdk.httpserver/share/classes/sun/net/httpserver/ServerImpl.java line 740:
> 738: Request req;
> 739: try {
> 740: req = new Request(rawin, rawout, newconnection && !https);
I'd skip the `!https` check here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28827#discussion_r2624113873
More information about the net-dev
mailing list