Integrated: 8182621: JSSE should reject empty TLS plaintexts
Matthew Donovan
duke at openjdk.org
Tue Apr 11 04:24:54 UTC 2023
On Mon, 3 Apr 2023 18:13:19 GMT, Matthew Donovan <duke at openjdk.org> wrote:
> Added code similar to the suggested patches for empty Handshake messages. I also implemented tests to verify empty Handshake, Alert, and ChangeCipherSpec messages result in expected behavior: for SSLEngineImpl, exceptions are thrown, for SSLSockets the connection is closed.
This pull request has now been integrated.
Changeset: 39398075
Author: Matthew Donovan <matthew.p.donovan at oracle.com>
Committer: Xue-Lei Andrew Fan <xuelei at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/39398075b719739513b7610286e19735a8b478b1
Stats: 648 lines in 4 files changed: 646 ins; 0 del; 2 mod
8182621: JSSE should reject empty TLS plaintexts
Reviewed-by: xuelei
-------------
PR: https://git.openjdk.org/jdk/pull/13306
More information about the security-dev
mailing list