RFR: 8299870: TLS record version check allows invalid records
Matthew Donovan
duke at openjdk.org
Wed Jan 11 19:52:14 UTC 2023
On Tue, 10 Jan 2023 20:34:49 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> > If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?
> That's a good question. It may be worthy of further evaluation, and the test case could be removed if it is not valid.
I reworked `IllegalRecordVersion.java` so that it creates a ClientHello with a bad value in that version field, continues the handshake to the end, and then verifies that a version was agreed upon.
If that sounds legitimate, I can clean up the code a little and push it.
-------------
PR: https://git.openjdk.org/jdk/pull/11929