RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v2]
Artur Barashev
duke at openjdk.org
Wed Sep 18 21:23:19 UTC 2024
> https://bugs.openjdk.org/browse/JDK-8331682
Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
- Rather than proactively scanning every packet for this unlikely scenario, we reactively check for unencrypted alert after getting the BadPaddingException
- Add "!context.isNegotiated" check as "handshakeContext" can be non-null if server receives a Post-Handshake message
- Update test to send "close_notify" alert after "user_cancelled" alert
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/21043/files
- new: https://git.openjdk.org/jdk/pull/21043/files/03b4089d..def7e57e
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=21043&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=21043&range=00-01
Stats: 75 lines in 2 files changed: 35 ins; 19 del; 21 mod
Patch: https://git.openjdk.org/jdk/pull/21043.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/21043/head:pull/21043
PR: https://git.openjdk.org/jdk/pull/21043
More information about the security-dev
mailing list