RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v10]
Artur Barashev
abarashev at openjdk.org
Fri Oct 4 03:02:32 UTC 2024
> Check for unexpected plaintext alert message during TLSv1.3 handshake. This can happen if client doesn't receive ServerHello due to network timeout and tries to close the connection by sending an alert message.
Artur Barashev has updated the pull request incrementally with two additional commits since the last revision:
- Add SSLSocket-based test. Save last record we attempted to decode when using SSLSocket.
- Handle SSLSocketInputRecord case
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/21043/files
- new: https://git.openjdk.org/jdk/pull/21043/files/f72bab25..00d485c6
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=21043&range=09
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=21043&range=08-09
Stats: 319 lines in 6 files changed: 277 ins; 11 del; 31 mod
Patch: https://git.openjdk.org/jdk/pull/21043.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/21043/head:pull/21043
PR: https://git.openjdk.org/jdk/pull/21043
More information about the security-dev
mailing list