RFR: 8293176: SSLEngine handshaker does not send an alert after a bad parameters

Daniel Jeliński djelinski at openjdk.org
Fri Aug 4 08:39:46 UTC 2023

Please review this patch that ensures that all exceptions thrown by SSLEngine delegated tasks are translated to alerts.

All exceptions should already be translated to SSLExceptions and alerts by the time we exit from context.dispatch; these exceptions are rethrown by `conContext.fatal` without modification. With this patch the remaining exceptions are translated to `internal_error` alerts.

SSLSocket implements similar handling in SSLSocketImpl#startHandshake. SSLSocket rethrows `SocketException`s without modification, and translates other `IOException`s to `handshake_failure` alerts. SSLEngine does not need to handle `SocketException`s, and IMO `internal_error` is a better choice here.

Tier1-3 tests pass.


Commit messages:
 - Add test, send alert

Changes: https://git.openjdk.org/jdk/pull/15148/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15148&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8293176
  Stats: 99 lines in 2 files changed: 98 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/15148.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/15148/head:pull/15148

PR: https://git.openjdk.org/jdk/pull/15148
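
Added example, not part of the original message or the JDK patch: a small Java helper that a test could run over the bytes returned by SSLEngine.wrap() after a failed delegated task, to confirm that a fatal alert such as `internal_error` was emitted. The class and method names are hypothetical, the sample bytes are constructed, and only plaintext alert records are decoded (encrypted alerts are skipped).

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class AlertScan {
    static final int CT_ALERT = 21;          // TLS record content type "alert"
    static final int INTERNAL_ERROR = 80;    // alert description codes (RFC 8446)
    static final int HANDSHAKE_FAILURE = 40;

    /** Returns {level, description} for each plaintext alert record in net. */
    static List<int[]> plaintextAlerts(ByteBuffer net) {
        ByteBuffer b = net.duplicate();      // leave the caller's position untouched
        List<int[]> alerts = new ArrayList<>();
        while (b.remaining() >= 5) {         // 5-byte record header
            int type = b.get() & 0xff;
            b.getShort();                    // legacy record version, not checked
            int len = b.getShort() & 0xffff;
            if (len > b.remaining()) {
                break;                       // truncated record: stop scanning
            }
            if (type == CT_ALERT && len == 2) {
                alerts.add(new int[] { b.get() & 0xff, b.get() & 0xff });
            } else {
                b.position(b.position() + len);  // skip non-alert or encrypted record
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed sample: a handshake record followed by a fatal internal_error alert
        byte[] sample = {
            22, 3, 3, 0, 4, 1, 0, 0, 0,      // handshake record, 4-byte body
            21, 3, 3, 0, 2, 2, 80            // alert record: fatal(2), internal_error(80)
        };
        for (int[] a : plaintextAlerts(ByteBuffer.wrap(sample))) {
            String name = a[1] == INTERNAL_ERROR ? "internal_error"
                    : a[1] == HANDSHAKE_FAILURE ? "handshake_failure"
                    : "other(" + a[1] + ")";
            System.out.println("alert level=" + a[0] + " description=" + name);
        }
    }
}
```

In a test, pass the flipped network buffer filled by wrap(); an empty result after a handshake failure means the peer was never told why the connection ended.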
