RFR: 8299870: TLS record version check allows invalid records
Rajan Halade
rhalade at openjdk.org
Tue Jan 10 22:49:14 UTC 2023
On Tue, 10 Jan 2023 18:59:30 GMT, Matthew Donovan <duke at openjdk.org> wrote:
> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt
>
> Tested with jdk_security and jdk_security3 test groups.
test/jdk/ProblemList.txt line 590:
> 588:
> 589: javax/net/ssl/SSLEngine/TestAllSuites.java 8298874 generic-all
> 590: javax/net/ssl/SSLEngine/IllegalRecordVersion.java 8298873 generic-all
I have closed 8298873 as duplicate of this bug. Can you please update IllegalRecordVersion test to list 8299870 under `@bug`.
-------------
PR: https://git.openjdk.org/jdk/pull/11929
More information about the security-dev
mailing list