RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v21]
Artur Barashev
abarashev at openjdk.org
Mon Oct 21 20:17:12 UTC 2024
> Check for unexpected plaintext alert message during TLSv1.3 handshake. This can happen if client doesn't receive ServerHello due to network timeout and tries to close the connection by sending an alert message.
Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 25 additional commits since the last revision:
- Update @library directive
- Merge branch 'master' into JDK-8331682
- Produce appropriate exception message. Update tests.
- Adjust line length
- Additional error checking
- Write and read to/from server in a single pass. Use SocketChannel.
- Return null if there is no record we attempted to decode
- Set timeout values. The SSLSocket test fails on linux-x64 because nunber of hello+ packets there is less than 6
- One more copyright update
- Update copyright. Minor naming change.
- ... and 15 more: https://git.openjdk.org/jdk/compare/733e4f53...a6bcc9b0
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/21043/files
- new: https://git.openjdk.org/jdk/pull/21043/files/b8e06558..a6bcc9b0
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=21043&range=20
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=21043&range=19-20
Stats: 172944 lines in 1596 files changed: 156014 ins; 9188 del; 7742 mod
Patch: https://git.openjdk.org/jdk/pull/21043.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/21043/head:pull/21043
PR: https://git.openjdk.org/jdk/pull/21043
More information about the security-dev
mailing list