RFR: 8299870: TLS record version check allows invalid records [v3]

Rajan Halade rhalade at openjdk.org
Fri Jan 13 04:03:53 UTC 2023


On Fri, 13 Jan 2023 00:28:32 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt 
>> 
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - revert one more chnage
>  - reverted ProtocolVersion and changed to use SSLContextTemplate

src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java line 410:

> 408:         return selectedVersion;
> 409:     }
> 410: }

revert this change as well.

-------------

PR: https://git.openjdk.org/jdk/pull/11929


More information about the security-dev mailing list