RFR: 8299870: TLS record version check allows invalid records
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Jan 10 20:38:53 UTC 2023
On Tue, 10 Jan 2023 20:16:02 GMT, Matthew Donovan <duke at openjdk.org> wrote:
> > This update will introduce version negotiation issues. Per TLS spec, version 105.106 should be allowed and the version could be negotiated properly. When TLS 1.4 is defined later in the future, the code update here will cause serious compatibility issues. This has been a well-known issue in some implementations.
>
> I'm not sure what you mean here. Can you point me towards the spec that you're referring to?
>
Please refer to ["Appendix E. Backward Compatibility"](https://www.rfc-editor.org/rfc/rfc5246#appendix-E) of RFC 5246. Let's see an example: suppose TLS 1.4 is defined. If the server is only able to accept TLS 1.3 and the client is using the TLS 1.4 format, the connection cannot be established. But TLS 1.3 should be negotiated.
BTW, this field has been deprecated and "MUST be ignored for all purposes" since TLS 1.3 (see RFC 8446).
> If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?
That's a good question. It may be worthy of further evaluation, and the test case could be removed if it is not valid.
-------------
PR: https://git.openjdk.org/jdk/pull/11929
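
The record-version policies this thread touches on, side by side, as an added Java example that is not JDK code and not part of the original message: a strict known-versions check, the RFC 5246 Appendix E.1 rule that a server accepts any {03,XX} record version on a ClientHello, and the RFC 8446 rule that the field is ignored. The class, the enum, the strict version set and the sample headers are all hypothetical and constructed.

```java
import java.nio.ByteBuffer;

// Added illustration only; names are hypothetical and this is not sun.security.ssl code.
public class RecordVersionPolicy {
    enum Policy { STRICT_KNOWN_ONLY, RFC5246_MAJOR_3, RFC8446_IGNORE }

    /** Returns true if a record with this 5-byte header passes the given policy. */
    static boolean accepts(byte[] header, Policy policy) {
        if (header.length < 5) {
            throw new IllegalArgumentException("TLS record header is 5 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(header);
        int contentType = buf.get() & 0xFF;
        int major = buf.get() & 0xFF;
        int minor = buf.get() & 0xFF;
        int length = buf.getShort() & 0xFFFF;
        // Relaxing the version check does not relax the other header checks.
        // Simplification: only content types 20..23 are considered here.
        if (contentType < 20 || contentType > 23) return false;
        if (length > (1 << 14) + 2048) return false;   // TLS 1.2 ciphertext bound
        switch (policy) {
            case STRICT_KNOWN_ONLY:
                // Assumed strict set: {03,00} through {03,03}.
                return major == 3 && minor <= 3;
            case RFC5246_MAJOR_3:
                // Appendix E.1: accept any {03,XX} on a ClientHello record.
                return major == 3;
            case RFC8446_IGNORE:
                // RFC 8446: the field "MUST be ignored for all purposes".
                return true;
            default:
                throw new IllegalStateException("unknown policy");
        }
    }

    public static void main(String[] args) {
        byte[][] samples = {          // constructed handshake record headers
            {22, 3, 3, 0, 16},        // record version used by TLS 1.2
            {22, 3, 5, 0, 16},        // hypothetical future {03,05}
            {22, 105, 106, 0, 16},    // 105.106, the value discussed above
        };
        for (byte[] h : samples) {
            for (Policy p : Policy.values()) {
                System.out.printf("%d.%d %-18s %s%n", h[1], h[2], p,
                        accepts(h, p) ? "accept" : "reject");
            }
        }
    }
}
```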