RFR[13] JDK-8215524: Finished message validation failure should be decrypt_error alert
sha.jiang at oracle.com
Mon Feb 25 12:01:28 UTC 2019
Hi,
When validation of the Finished message fails, illegal_parameter is
currently raised. But per RFC 8446 section 6.2, this error should raise
a decrypt_error alert.
And according to the same section, if the length of verify_data in
Finished is incorrect, it should alert decode_error rather than
illegal_parameter.
This fix is verified by fuzz testing, but it's hard to add a new
regression test.
Webrev: http://cr.openjdk.java.net/~jjiang/8215524/webrev.00/
Issue: https://bugs.openjdk.java.net/browse/JDK-8215524
Best regards,
John Jiang