RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v3]
Hai-May Chao
hchao at openjdk.org
Fri Sep 20 16:02:37 UTC 2024
On Thu, 19 Sep 2024 21:33:11 GMT, Artur Barashev <duke at openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8331682
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Add assertions. Add the final server wrap
src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 135:
> 133: byte minorVersion = packet.get(); // pos: 2
> 134: int contentLen = Record.getInt16(packet); // pos: 3, 4
> 135:
Do you think it may be a good idea to check further the content of the alert including the first byte (WARNING or FATAL) and the second byte (AlertDescription for close_notify)?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1768862723
More information about the security-dev
mailing list