RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v24]

Xue-Lei Andrew Fan xuelei at openjdk.org
Tue Oct 29 17:25:14 UTC 2024


On Tue, 29 Oct 2024 17:16:35 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> But it may not be in the same log, depending on where the `SSLLogger` is directed vs. the Exceptions.  I'd say keep it in.
>
> It may be sufficient to have it in the exception only.  We normally don't log the exception message alone in SunJSSE.  From my understanding, it is hard to see a lot of benefits.

I don't think we know the record is "plaintext", even if it has just two bytes.  The input is not verified; it can be anything.  I don't want to confuse the developers further if it is not the plaintext case.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1821262179

