RFR [15] JDK-8215711, Missing key_share extension for (EC)DHE key exchange should alert missing_extension

Anthony Scarpino anthony.scarpino at oracle.com
Sun Apr 5 20:41:35 UTC 2020

On 4/4/20 6:11 PM, Xuelei Fan wrote:
> Hi,
> Could I have the following update reviewed?
>      http://cr.openjdk.java.net/~xuelei/8215711/webrev.00/
> In the current TLS implementation, if one of "supported_groups" 
> extension and "key_share" extension is not present in the ClientHello 
> handshake message, the internal_error alter will be used.  Per the spec 
> (RFC 8846), the alert should be "missing_extension" alert.
> The fuzzing test passed with this update.  No new regression test 
> (noreg-external).
> Thanks,
> Xuelei

The change looks fine. It looks like you implemented what is in section 
9.2, and it looks like the absent methods will be called from the 
consumeOnLoad() as all those extensions can be in a ClientHello msg.



More information about the security-dev mailing list