RFR 8133632: javax.net.ssl.SSLEngine does not properly handle received SSL fatal alerts
Jamil Nimeh
jamil.j.nimeh at oracle.com
Wed Nov 2 07:30:23 UTC 2016
Hello folks,

This fixes an issue in SSLEngine that happens when an engine unwraps a
TLS fatal alert record. The resulting engine state still leaves both
input and output queues in an open state, and in NEED_UNWRAP. Unwrapping
just causes the exception thrown as a result of processing the exception
to be thrown again.

This fix updates the resulting state of the engine in this particular
case to have both I/O queues closed and updates the state of the engine
to NOT_HANDSHAKING.

Bug: https://bugs.openjdk.java.net/browse/JDK-8133632
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8133632/webrev.01/

Thanks,
--Jamil
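
The engine state discussed in this message can be observed from application code. The following is an added example, not code from the webrev or the JDK: it feeds a client-mode SSLEngine a constructed plaintext fatal alert record and prints the handshake status and queue state before and after. The host name `peer.example` and the class name are placeholders.

```java
import javax.net.ssl.*;
import java.nio.ByteBuffer;

public class FatalAlertState {
    // Constructed input: a plaintext TLS record carrying a fatal handshake_failure alert.
    // type=21 (alert), version 3.3, length 2, level=2 (fatal), description=40.
    static final byte[] FATAL_ALERT = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28};

    public static void main(String[] args) throws Exception {
        // "peer.example" is a placeholder; no network connection is made.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("peer.example", 443);
        engine.setUseClientMode(true);

        SSLSession s = engine.getSession();
        ByteBuffer net = ByteBuffer.allocate(s.getPacketBufferSize());
        ByteBuffer app = ByteBuffer.allocate(s.getApplicationBufferSize());

        // Produce the ClientHello so the engine is waiting on the peer (NEED_UNWRAP).
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), net);
        System.out.println("before alert: " + describe(engine));

        try {
            engine.unwrap(ByteBuffer.wrap(FATAL_ALERT), app);
            System.out.println("unwrap returned without an exception");
        } catch (SSLException e) {
            System.out.println("unwrap threw: " + e.getMessage());
        }
        // The state the message is about: with the fix, both queues are closed
        // and the handshake status is NOT_HANDSHAKING.
        System.out.println("after alert:  " + describe(engine));

        // Caller-side guard: a fatal alert is terminal, so stop driving the engine
        // even if it still reports open queues or NEED_UNWRAP.
        if (!engine.isInboundDone() || !engine.isOutboundDone()) {
            engine.closeOutbound();
            try { engine.closeInbound(); } catch (SSLException ignored) { }
        }
    }

    static String describe(SSLEngine e) {
        return "hs=" + e.getHandshakeStatus()
             + " inboundDone=" + e.isInboundDone()
             + " outboundDone=" + e.isOutboundDone();
    }
}
```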