RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v20]
Artur Barashev
abarashev at openjdk.org
Thu Oct 17 16:19:16 UTC 2024
On Thu, 17 Oct 2024 04:04:48 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Adjust line length
>
> src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 131:
>
>> 129: throw context.fatal(Alert.BAD_RECORD_MAC, bte);
>> 130: } catch (BadPaddingException bpe) {
>> 131: // Check for unexpected plaintext alert message during TLSv1.3+ handshake.
>
> Could the case happen for SSLEngine as well?
Yes, we have tests for both `SSLEngine` and `SSLSocket` usages. In the case of `SSLEngine`, the data is passed downstream in the `srcs` array.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1805067548