RFR: 8275811 Incorrect instance to dispose [v4]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Nov 1 20:05:22 UTC 2021


On Mon, 1 Nov 2021 14:13:43 GMT, Daniel Jeliński <duke at openjdk.java.net> wrote:

>> The current code that changes cipher suites disposes the new suite instead of the old one, which usually silently fails. This patch fixes the code to dispose the old instance instead.
>> 
>> DTLS appears to be unaffected: DTLSOutputRecord keeps 2 ciphers and correctly [disposes the old one](https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java#L106), and DTLSInputRecord [doesn't dispose anything](https://github.com/openjdk/jdk/blob/4b9303b77b43d890ebacbec38b4ac5db7e171886/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java#L57)
>
> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Dispose write cipher after changing ciphers

Thank you for the update. It looks good to me, except for a minor comment.

src/java.base/share/classes/sun/security/ssl/OutputRecord.java line 146:

> 144:     // SSLEngine and SSLSocket
> 145:     abstract void disposeWriteCipher();
> 146: 

Alternatively, this method could have a default implementation that throws UnsupportedOperationException.  Then, there is no need to update DTLSOutputRecord.java.

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/6084
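
The mix-up discussed in this thread, as an added example that is not part of the original message or the JDK source: a simplified Java model in which `Cipher`, `BaseRecord`, `StreamRecord`, `changeBuggy` and `changeFixed` are hypothetical names, and the parameter-shadowing shape of the bug is an assumption. It also shows the alternative raised in the review, a non-abstract `disposeWriteCipher()` whose default body throws `UnsupportedOperationException`.

```java
import java.util.Arrays;

// Simplified model for illustration; not the JDK's OutputRecord code.
public class DisposeDemo {
    // Hypothetical stand-in for a write cipher holding key material.
    static final class Cipher {
        final byte[] key;
        boolean disposed;
        Cipher(byte[] key) { this.key = key.clone(); }
        void dispose() { Arrays.fill(key, (byte) 0); disposed = true; }
    }

    static abstract class BaseRecord {
        Cipher writeCipher;
        BaseRecord(Cipher initial) { this.writeCipher = initial; }

        // Default body instead of 'abstract': subclasses that are never
        // asked to dispose this way need no override.
        void disposeWriteCipher() { throw new UnsupportedOperationException(); }

        // Assumed bug shape: the parameter shadows the field, so the NEW
        // cipher is wiped and the old key material stays in memory.
        void changeBuggy(Cipher writeCipher) {
            writeCipher.dispose();
            this.writeCipher = writeCipher;
        }

        // Corrected: dispose the instance being replaced, then keep the new one.
        void changeFixed(Cipher next) {
            Cipher old = this.writeCipher;
            this.writeCipher = next;
            old.dispose();
        }
    }

    static final class StreamRecord extends BaseRecord {
        StreamRecord(Cipher c) { super(c); }
        @Override void disposeWriteCipher() { writeCipher.dispose(); }
    }

    public static void main(String[] args) {
        Cipher oldC = new Cipher(new byte[] {1, 2, 3});   // constructed sample keys
        Cipher newC = new Cipher(new byte[] {4, 5, 6});
        new StreamRecord(oldC).changeBuggy(newC);
        System.out.println("buggy: old=" + oldC.disposed + " new=" + newC.disposed);
        Cipher oldD = new Cipher(new byte[] {1, 2, 3});
        Cipher newD = new Cipher(new byte[] {4, 5, 6});
        new StreamRecord(oldD).changeFixed(newD);
        System.out.println("fixed: old=" + oldD.disposed + " new=" + newD.disposed);
    }
}
```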


