RFR: 8227651: Tests fail with SSLProtocolException: Input record too big
Daniel Jeliński
djelinski at openjdk.org
Wed Aug 10 16:35:41 UTC 2022
On Wed, 10 Aug 2022 15:40:26 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> Could it be a TLS implementation problem that the server should not read application data as handshaking data?
Not really; `SSLEngine#unwrap` does not have to consume the entire ByteBuffer, and it's the application's responsibility to preserve unconsumed data for subsequent `unwrap` calls in case of buffer underflow/overflow.
There are 2 problems with the existing implementation:
- `unwrap` in `handshaking` can consume (and discard) application data because `peerAppData` has nonzero size (does not happen in practice)
- `handshaking` can lose unconsumed `peerNetData`
Both are fixed here.
-------------
PR: https://git.openjdk.org/jdk/pull/9773
More information about the security-dev
mailing list