RFR[13] JDK-8215524: Finished message validation failure should be decrypt_error alert

sha.jiang at oracle.com sha.jiang at oracle.com
Mon Feb 25 12:01:28 UTC 2019

When Finished message is validated failed, illegal_parameter is raised 
currently. But per RFC 8446 section 6.2, this error should alert 
And according to the same section, if the length of verify_data in 
Finished is incorrect, it should alert decode_error rather than 

This fix is verified by fuzzing testing, but it's hard to add a new 
regression test.

Webrev: http://cr.openjdk.java.net/~jjiang/8215524/webrev.00/
Issue: https://bugs.openjdk.java.net/browse/JDK-8215524

Best regards,
John Jiang

More information about the security-dev mailing list