RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v20]
Artur Barashev
abarashev at openjdk.org
Thu Oct 17 16:16:14 UTC 2024
On Thu, 17 Oct 2024 04:07:54 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Adjust line length
>
> src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java line 266:
>
>> 264: recordBody.flip();
>> 265: // Record is ready to be decoded, save it.
>> 266: saveLastDecodeRecord();
>
> It might be heavy to cache last decode record for every input record.
Yes, but only if you consider the low probability of needing this record. Overall performance impact should be negligible considering all the other operations we do. I couldn't think of a better way of passing this record upstream, unless we restrict `saveLastDecodeRecord` to contentLen of `2` which will make this not a general purpose method.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1805064403
More information about the security-dev
mailing list