RFR: 8182621: JSSE should reject empty TLS plaintexts
Matthew Donovan
duke at openjdk.org
Thu Apr 6 17:40:24 UTC 2023
Added code similar to the suggested patches for empty Handshake messages. I also implemented tests to verify empty Handshake, Alert, and ChangeCipherSpec messages result in expected behavior: for SSLEngineImpl, exceptions are thrown, for SSLSockets the connection is closed.
-------------
Commit messages:
- removed whitespace
- removed unnecessary code
- 8182621: JSSE should reject empty TLS plaintexts
Changes: https://git.openjdk.org/jdk/pull/13306/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=13306&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8182621
Stats: 644 lines in 4 files changed: 642 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/13306.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/13306/head:pull/13306
PR: https://git.openjdk.org/jdk/pull/13306
More information about the security-dev
mailing list