RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server

Artur Barashev duke at openjdk.org
Wed Sep 18 20:42:41 UTC 2024


On Wed, 18 Sep 2024 11:30:46 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

>> https://bugs.openjdk.org/browse/JDK-8331682
>
> src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 112:
> 
>> 110: 
>> 111:         // Check for unexpected plaintext alert message during TLSv1.3 handshake, @bug 8331682
>> 112:         if (srcsLength == 1 && context.handshakeContext != null &&
> 
> The unencrypted message may only be permitted right after the ClientHello; we need a better check for that. `handshakeContext` will be non-null after handling a key_update message, for example.

That's a good suggestion, thanks! I'm adding an additional `!context.isNegotiated` check. `isNegotiated` should always be true after the handshake. The `handshakeContext` after handling a `key_update` message would be of `PostHandshakeContext` type; we can also check for that, but it seems redundant.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1765694925
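The state-dependent check discussed in this comment, written out as an added Python model. This is not JDK code: the fields `context.handshakeContext` and `context.isNegotiated` are represented by the assumed `HandshakeState` attributes `in_handshake` and `negotiated`, the `srcsLength == 1` buffer detail is not modelled, and the sample records are constructed, not captured traffic.

```python
# Added example, not JDK code: a minimal model of the check that an unencrypted
# TLS 1.3 alert record is acceptable only while the handshake is in progress
# and nothing has been negotiated yet (the window right after ClientHello).
from dataclasses import dataclass
from typing import Optional, Tuple

CT_ALERT = 21             # TLS ContentType values (RFC 8446 section 5.1)
CT_HANDSHAKE = 22
CT_APPLICATION_DATA = 23  # every encrypted TLS 1.3 record uses this outer type
RECORD_HEADER_LEN = 5


@dataclass
class HandshakeState:
    in_handshake: bool  # assumed stand-in for: context.handshakeContext != null
    negotiated: bool    # assumed stand-in for: context.isNegotiated


@dataclass
class Record:
    content_type: int
    legacy_version: int
    payload: bytes


def parse_record(buf: bytes) -> Record:
    """Split a single TLS record into header fields and payload."""
    if len(buf) < RECORD_HEADER_LEN:
        raise ValueError("short record header")
    content_type = buf[0]
    # legacy_record_version is ignored for all purposes in TLS 1.3 (RFC 8446 5.1)
    legacy_version = int.from_bytes(buf[1:3], "big")
    length = int.from_bytes(buf[3:5], "big")
    if len(buf) != RECORD_HEADER_LEN + length:
        raise ValueError("record length does not match header")
    return Record(content_type, legacy_version, buf[RECORD_HEADER_LEN:])


def check_record(buf: bytes, state: HandshakeState) -> Tuple[str, int, Optional[int]]:
    """Decide how an incoming record is treated given the handshake state.

    Returns ("plaintext-alert", level, description) when an unencrypted alert
    is acceptable: only while the handshake is in progress and the connection
    is not yet negotiated. Any other content type is passed through to normal
    processing. A plaintext alert outside that window (for example after a
    key_update, when the handshake context is non-null but the connection is
    already negotiated) is rejected, because alerts must then be encrypted.
    """
    rec = parse_record(buf)
    if rec.content_type != CT_ALERT:
        return ("pass-through", rec.content_type, None)
    if len(rec.payload) != 2:
        raise ValueError("malformed plaintext alert body")
    level, description = rec.payload[0], rec.payload[1]
    if state.in_handshake and not state.negotiated:
        return ("plaintext-alert", level, description)
    raise ValueError("unexpected plaintext alert: keys are established, "
                     "alert records must be encrypted")


if __name__ == "__main__":
    # Constructed sample records (not captured traffic):
    close_notify = bytes([CT_ALERT, 3, 3, 0, 2, 1, 0])  # warning(1), close_notify(0)
    ciphertext = bytes([CT_APPLICATION_DATA, 3, 3, 0, 3, 0xAA, 0xBB, 0xCC])  # opaque bytes
    early = HandshakeState(in_handshake=True, negotiated=False)
    post_key_update = HandshakeState(in_handshake=True, negotiated=True)
    print(check_record(close_notify, early))
    print(check_record(ciphertext, post_key_update))
    try:
        check_record(close_notify, post_key_update)
    except ValueError as err:
        print("rejected:", err)
```

The `post_key_update` state is the case raised in the review: a non-null handshake context alone would let the plaintext alert through, while the additional negotiated check rejects it.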