RFR: 8042982: Unexpected RuntimeExceptions being thrown by SSLEngine

Bradford Wetmore bradford.wetmore at oracle.com
Fri Aug 1 18:55:56 UTC 2014


BTW, if you feel like it in any backports, the casts to 
SSLHandshakeException weren't needed.

Brad



On 8/1/2014 11:46 AM, Rob McKenna wrote:
> Thanks Brad, patch updated, built & tested.
>
>      -Rob
>
> On 01/08/14 01:39, Bradford Wetmore wrote:
>> Rob,
>>
>> Looks ok to me too.  There are probably other places with RTE's we
>> could fix, but this will solve the immediate problem.
>>
>> Two comments to consider:
>>
>> 1.  Use a Multi-catch exception.  JDK7+.
>>
>> 2.  DHCrypt throws IOException.  ECDHCrypt throws SSLException (which
>> is an IOException).  Since DHCrypt/ECDHCrypt are essentially the same
>> kind of class, maybe update DHCrypt to throw the same?
>>
>> Brad
>>
>>
>> On 7/25/2014 5:52 PM, Xuelei Fan wrote:
>>> Looks fine to me.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> On 7/22/2014 9:37 PM, Rob McKenna wrote:
>>>> Hi folks,
>>>>
>>>> A simple change to use SSLHandshakeException instead of
>>>> RuntimeException
>>>> in getAgreedSecret in DHCrypt and ECDHCrypt. This will prevent these
>>>> RuntimeExceptions from propagating to the application and allow
>>>> application programmers to handle them as SSLHandshakeExceptions.
>>>>
>>>> http://cr.openjdk.java.net/~robm/8042982/webrev.01/
>>>>
>>>>      -Rob
>>>>
>>>
>


More information about the security-dev mailing list