Integrated: 8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello
Daniel Fuchs
dfuchs at openjdk.org
Wed Dec 17 12:17:04 UTC 2025
On Mon, 15 Dec 2025 15:40:13 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
> The first byte of a SSL ClientHello handshake record is 0x16 (22).
> If the first byte received on a HTTP/1.1 clear connection is 0x16, the HTTP server could fail fast, return 400 bad request and immediately close the connection.
>
> This changeset extends the fail fast behaviour for other ineligible bytes, such as any byte corresponding to ASCII characters <= 31.
This pull request has now been integrated.
Changeset: 5e7ae281
Author: Daniel Fuchs <dfuchs at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/5e7ae281326ca306339aaba101d4206dffdb9ca0
Stats: 206 lines in 3 files changed: 204 ins; 0 del; 2 mod
8373677: Clear text HttpServer connection could fail fast if receiving SSL ClientHello
Reviewed-by: jpai, djelinski
-------------
PR: https://git.openjdk.org/jdk/pull/28827
More information about the net-dev
mailing list