RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v3]
Hai-May Chao
hchao at openjdk.org
Fri Sep 20 15:50:35 UTC 2024
On Thu, 19 Sep 2024 21:33:11 GMT, Artur Barashev <duke at openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8331682
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Add assertions. Add the final server wrap
src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 126:
> 124: throw context.fatal(Alert.BAD_RECORD_MAC, bte);
> 125: } catch (BadPaddingException bpe) {
> 126: // Check for unexpected plaintext alert message during TLSv1.3 handshake, @bug 8331682
Suggest modifying the comments here where re-constructing the plaintext instead of @bug 8331682.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1768835110