RFR: 8275811 Incorrect instance to dispose

Daniel Jeliński duke at openjdk.java.net
Fri Oct 22 20:22:06 UTC 2021


On Fri, 22 Oct 2021 18:45:31 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> The current code that changes cipher suites disposes the new suite instead of the old one, which usually silently fails. This patch fixes the code to dispose the old instance instead.
>> 
>> DTLS appears to be unaffected: DTLSOutputRecord keeps 2 ciphers and correctly [disposes the old one](https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java#L106), and DTLSInputRecord [doesn't dispose anything](https://github.com/openjdk/jdk/blob/4b9303b77b43d890ebacbec38b4ac5db7e171886/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java#L57)
>
> Did you want to cover the update for line 222 at OutputRecord.java as well?

Thanks @XueleiFan , but I guess this needs a bit more love. Just finished running jdk_security tests, and a few tests failed, apparently related:
javax/net/ssl/SSLEngine/NoAuthClientAuth.java
javax/net/ssl/TLSv1/TLSRehandshakeTest.java
javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java
javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java
javax/net/ssl/TLSv11/TLSRehandshakeTest.java
javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java

I'll see if I can figure this out.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6084


More information about the security-dev mailing list