RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v3]
Bernd
duke at openjdk.org
Fri Sep 20 19:20:36 UTC 2024
On Thu, 19 Sep 2024 21:33:11 GMT, Artur Barashev <duke at openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8331682
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Add assertions. Add the final server wrap
Sorry, the review dropped my actual comment. What I wanted to comment is that the “maybe plaintext connection” is a red herring in the exception message: the only time when it should assume plaintext bytes being the reason for a corrupt message is the first packet from the peer - as this is a fairly common config issue. Once both sides sent a few valid SSL packets it would be misleading to suggest it’s plaintext (at least without exactly the analysis of complete alert structure?)
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21043#issuecomment-2364408190