RFR: 8299870: TLS record version check allows invalid records
Xue-Lei Andrew Fan
xuelei at openjdk.org
Thu Jan 12 07:18:14 UTC 2023
On Wed, 11 Jan 2023 19:49:14 GMT, Matthew Donovan <duke at openjdk.org> wrote:
> > > If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?
> > > That's a good question. It may be worthy of further evaluation, and the test case could be removed if it is not valid.
>
> I reworked `IllegalRecordVersion.java` so that it creates a ClientHello with a bad value in that version field, continues the handshake to the end, and then verifies that a version was agreed upon.
>
> If that sounds legitimate, I can clean up the code a little and push it.
I'm fine with this approach. The file/class name could be revised.
-------------
PR: https://git.openjdk.org/jdk/pull/11929