RFR [15] JDK-8215711, Missing key_share extension for (EC)DHE key exchange should alert missing_extension
Xuelei Fan
xuelei.fan at oracle.com
Sun Apr 5 01:11:53 UTC 2020
Hi,
Could I have the following update reviewed?
http://cr.openjdk.java.net/~xuelei/8215711/webrev.00/
In the current TLS implementation, if one of "supported_groups"
extension and "key_share" extension is not present in the ClientHello
handshake message, the internal_error alter will be used. Per the spec
(RFC 8846), the alert should be "missing_extension" alert.
The fuzzing test passed with this update. No new regression test
(noreg-external).
Thanks,
Xuelei
More information about the security-dev
mailing list