Should SSLEngine throw SSLHandhakeException?

Florian Weimer fweimer at redhat.com
Tue Aug 4 18:06:56 UTC 2015


If the SSLEngine client receives a fatal alert, an exception for
Alerts.alert_unexpected_message is generated, which is an SSLException,
not for the alert received, which would be an SSLHandhsakeException.

Is this intentional?  If not, the attached patch fixes that.

I see this when the client receives an inappropriate_fallback alert with
my TLS_FALLBACK_SCSV patch, but I can't see a reason why the behavior
for other alerts would be different.

-- 
Florian Weimer / Red Hat Product Security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: engine.patch
Type: text/x-patch
Size: 714 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20150804/8a52eeae/engine-0001.patch>


More information about the security-dev mailing list