RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v24]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Oct 29 17:19:10 UTC 2024
On Fri, 25 Oct 2024 21:25:10 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLCipher.java line 1870:
>>
>>> 1868: if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
>>> 1869: SSLLogger.info(msg);
>>> 1870: }
>>
>> It may not need the log any longer because the follow-up exception will cover the information.
>
> But it may not be in the same log, depending on where the `SSLLogger` is directed vs. the Exceptions. I'd say keep it in.
It may be sufficient to have it in exception only. We normally don't log exception message alone in SunJSSE. From my understand, it is hardly to see a lot benefits.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1821257877
More information about the security-dev
mailing list