RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v20]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Thu Oct 17 20:13:25 UTC 2024
On Thu, 17 Oct 2024 18:48:29 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> SSLCipher has contentType.
Here is the idea in my mind. @artur-oracle Please check if I missed something. Thank you!
@Override
public Plaintext decrypt(byte contentType, ByteBuffer bb,
byte[] sequence) throws GeneralSecurityException {
...
if (contentType == ContentType.CHANGE_CIPHER_SPEC.id) {
return new Plaintext(contentType,
ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
-1, -1L, bb.slice());
}
if (bb.remaining() <= tagSize) {
+ // is it an alert?
+ if (contentType is an alert) {
+ // this is bad record, may be caused by ..., treat it as error alert.
+ return bad record alert plaintext
+ } else {
throw new BadPaddingException(
"Insufficient buffer remaining for AEAD cipher " +
"fragment (" + bb.remaining() + "). Needs to be " +
"more than tag size (" + tagSize + ")");
}
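Review bot: In the added branch under `if (bb.remaining() <= tagSize)`, the alert case returns a plaintext for any short record whose content type is alert, so that record is accepted without an AEAD tag ever being verified. Consider narrowing the condition to the exact alert body length (a TLS alert is two bytes, level and description) and building the returned "bad record" plaintext from fixed values rather than from the bytes in `bb`, so that unauthenticated input cannot choose which alert the upper layer sees. The sketch also leaves the outer `if` unclosed: after the new `} else {` the single `}` closes only the else branch, so one more closing brace is needed.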
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21043#issuecomment-2420456919