RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v26]
Artur Barashev
abarashev at openjdk.org
Mon Nov 4 17:49:34 UTC 2024
On Sat, 2 Nov 2024 00:26:05 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Remove logging
>
> test/jdk/sun/security/ssl/SSLCipher/SSLSocketNoServerHelloClientShutdown.java line 52:
>
>> 50:
>> 51: /**
>> 52: * To reproduce @bug 8331682 (client sends an unencrypted TLS alert during
>
> We used to have a SSLSocketSSLEngineTemplate.java which did exactly this (Socket on client/Engine on Server by default, but could be switched IIRC), I wonder what happened to it.
It was removed as part of this work:
https://bugs.openjdk.org/browse/JDK-8284047
> test/lib/jdk/test/lib/security/SecurityUtils.java line 130:
>
>> 128: }
>> 129:
>> 130: public static void inspectTlsBuffer(ByteBuffer buffer) throws IOException {
>
> Another take/leave minor nit: maybe `dumpTlsPacketsBuffer` as that's all you're doing.
I think `dump` indicates that we dump the content of the buffer, that's not what we are doing, we are inspecting the buffer.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1828119191
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1828127411
More information about the security-dev
mailing list