Should SSLEngine throw SSLHandhakeException?
Florian Weimer
fweimer at redhat.com
Tue Aug 4 18:06:56 UTC 2015
If the SSLEngine client receives a fatal alert, an exception for
Alerts.alert_unexpected_message is generated, which is an SSLException,
not for the alert received, which would be an SSLHandhsakeException.
Is this intentional? If not, the attached patch fixes that.
I see this when the client receives an inappropriate_fallback alert with
my TLS_FALLBACK_SCSV patch, but I can't see a reason why the behavior
for other alerts would be different.
--
Florian Weimer / Red Hat Product Security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: engine.patch
Type: text/x-patch
Size: 714 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150804/8a52eeae/engine.patch>
More information about the security-dev
mailing list