RFR: 8182621: JSSE should reject empty TLS plaintexts [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Mon Apr 10 21:15:48 UTC 2023
On Fri, 7 Apr 2023 13:56:39 GMT, Matthew Donovan <duke at openjdk.org> wrote:
>> Added code similar to the suggested patches for empty Handshake messages. I also implemented tests to verify empty Handshake, Alert, and ChangeCipherSpec messages result in expected behavior: for SSLEngineImpl, exceptions are thrown, for SSLSockets the connection is closed.
>
> Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:
>
> - added comment referring to relevant RFC
> - clarified if-statements; fixed exception message wording
@mpdonova Did you have a chance to pass Mach5 testing? If the testing is good, I would like to sponsor the committing.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13306#issuecomment-1502332785
More information about the security-dev
mailing list