RFR: 8182621: JSSE should reject empty TLS plaintexts
Rajan Halade
rhalade at openjdk.org
Thu Apr 6 17:40:25 UTC 2023
On Mon, 3 Apr 2023 18:13:19 GMT, Matthew Donovan <duke at openjdk.org> wrote:
> Added code similar to the suggested patches for empty Handshake messages. I also implemented tests to verify empty Handshake, Alert, and ChangeCipherSpec messages result in expected behavior: for SSLEngineImpl, exceptions are thrown, for SSLSockets the connection is closed.
Please fix the whitespace errors so the `rfr` label will be added by bots.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13306#issuecomment-1499368513
More information about the security-dev
mailing list