RFR: 8182621: JSSE should reject empty TLS plaintexts [v2]
Matthew Donovan
duke at openjdk.org
Fri Apr 7 13:56:39 UTC 2023
> Added code similar to the suggested patches for empty Handshake messages. I also implemented tests to verify empty Handshake, Alert, and ChangeCipherSpec messages result in expected behavior: for SSLEngineImpl, exceptions are thrown, for SSLSockets the connection is closed.
Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:
- added comment referring to relevant RFC
- clarified if-statements; fixed exception message wording
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/13306/files
- new: https://git.openjdk.org/jdk/pull/13306/files/92c68e4c..7c47ed30
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=13306&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=13306&range=00-01
Stats: 8 lines in 2 files changed: 4 ins; 0 del; 4 mod
Patch: https://git.openjdk.org/jdk/pull/13306.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/13306/head:pull/13306
PR: https://git.openjdk.org/jdk/pull/13306
More information about the security-dev
mailing list