RFR: 8182621: JSSE should reject empty TLS plaintexts [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Mon Apr 10 01:14:55 UTC 2023
On Fri, 7 Apr 2023 13:56:39 GMT, Matthew Donovan <duke at openjdk.org> wrote:
>> Added code similar to the suggested patches for empty Handshake messages. I also implemented tests to verify empty Handshake, Alert, and ChangeCipherSpec messages result in expected behavior: for SSLEngineImpl, exceptions are thrown, for SSLSockets the connection is closed.
>
> Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:
>
> - added comment referring to relevant RFC
> - clarified if-statements; fixed exception message wording
Looks good to me. Thank you!
-------------
Marked as reviewed by xuelei (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/13306#pullrequestreview-1376985093
More information about the security-dev
mailing list