RFR: 8227651: Tests fail with SSLProtocolException: Input record too big
Xue-Lei Andrew Fan
xuelei at openjdk.org
Wed Aug 10 17:00:32 UTC 2022
On Wed, 10 Aug 2022 16:33:27 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> > Could it be a TLS implementation problem that the server should not read application data as handshaking data?
>
> Not really; `SSLEngine#unwrap` does not have to consume the entire ByteBuffer, and it's the application's responsibility to preserve unconsumed data for subsequent `unwrap` calls in case of buffer underflow/overflow.
>
> There are 2 problems with the existing implementation:
>
> * `unwrap` in `handshaking` can consume (and discard) application data because `peerAppData` has nonzero size (does not happen in practice)
> * `handshaking` can lose unconsumed `peerNetData`
>
> Both are fixed here.
Thank you for the details.
-------------
PR: https://git.openjdk.org/jdk/pull/9773
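
An added illustration of the buffer handling described in the quoted reply; it is not code from the PR or from the JDK tests. The class `RecordReader` and its methods are hypothetical names, and a `ReadableByteChannel` transport is assumed. The same `unwrapOnce` is used during and after the handshake, so leftover `peerNetData` and any early plaintext in `peerAppData` survive the transition.

```java
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ReadableByteChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

// Hypothetical helper: one owner for both inbound buffers for the connection's lifetime.
final class RecordReader {
    private final SSLEngine engine;
    private final ReadableByteChannel channel;
    private ByteBuffer peerNetData; // ciphertext; kept in write mode between calls
    private ByteBuffer peerAppData; // plaintext; caller drains with flip()/compact()

    RecordReader(SSLEngine engine, ReadableByteChannel channel) {
        this.engine = engine;
        this.channel = channel;
        this.peerNetData = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        this.peerAppData = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
    }

    ByteBuffer appData() { return peerAppData; }

    // One unwrap attempt. unwrap() may stop after a single record, so bytes it
    // did not consume are kept by compact() instead of being cleared.
    SSLEngineResult unwrapOnce() throws IOException {
        peerNetData.flip();                 // read mode for unwrap
        SSLEngineResult result = engine.unwrap(peerNetData, peerAppData);
        peerNetData.compact();              // preserve unconsumed bytes, back to write mode
        switch (result.getStatus()) {
            case BUFFER_UNDERFLOW:          // partial record: append more, drop nothing
                if (!peerNetData.hasRemaining())
                    peerNetData = grow(peerNetData, engine.getSession().getPacketBufferSize());
                if (channel.read(peerNetData) < 0) throw new EOFException("peer closed mid-record");
                break;
            case BUFFER_OVERFLOW:           // destination too small: enlarge, keep plaintext
                peerAppData = grow(peerAppData, engine.getSession().getApplicationBufferSize());
                break;
            default:                        // OK or CLOSED: caller checks handshake status
                break;
        }
        return result;
    }

    // Copies existing content into a larger buffer, returned in write mode.
    private static ByteBuffer grow(ByteBuffer buf, int minCapacity) {
        ByteBuffer bigger = ByteBuffer.allocate(Math.max(buf.capacity() * 2, minCapacity));
        buf.flip();
        bigger.put(buf);
        return bigger;
    }
}
```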