RFR: 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello [v4]
Jaikiran Pai
jpai at openjdk.org
Wed Dec 17 12:08:10 UTC 2025
On Wed, 17 Dec 2025 11:51:04 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> The first byte of a SSL ClientHello handshake record is 0x16 (22).
>> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>>
>> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision:
>
> - .toString() is not needed
> - Review feedback: improved logging
> - Merge branch 'master' into ClearTextSSL-8373677
> - Update test/jdk/com/sun/net/httpserver/ClearTextServerSSL.java
>
> Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
> - Update src/jdk.httpserver/share/classes/sun/net/httpserver/Request.java
>
> Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>
> - minor test fix - unused import + obsolete comment
> - fix whitespace
> - fix copyright year in test
> - add bug id to test
> - 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello
Marked as reviewed by jpai (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/28827#pullrequestreview-3587418655
More information about the net-dev
mailing list