RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v3]
Artur Barashev
duke at openjdk.org
Fri Sep 20 20:10:36 UTC 2024
On Fri, 20 Sep 2024 16:58:19 GMT, Artur Barashev <duke at openjdk.org> wrote:
>> you can't clear the sTOc buffer if you want this to work; TLS is running over TCP, and TCP never loses data. So, the final client unwrap is expected to deal with serverHello and all handshake messages before receiving the encrypted close_notify alert.
>
> @djelinski I see, thanks! But here is the exception I'm getting; it's not about an unexpected command. Can we get it because the server is using TLSv1.3 and the client is using plaintext? How do we switch the server to plaintext after encountering this situation (an unexpected plaintext alert message during the TLSv1.3 handshake)?
> ```
> ---Last Client Unwrap---
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
>     at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:145)
>     at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:64)
>     at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:613)
>     at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:507)
>     at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:483)
>     at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
>     at SSLEngineNoServerHelloClientShutdown.runTestUserCancelled(SSLEngineNoServerHelloClientShutdown.java:244)
>     at SSLEngineNoServerHelloClientShutdown.main(SSLEngineNoServerHelloClientShutdown.java:140)
>     at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>     at java.base/java.lang.reflect.Method.invoke(Method.java:573)
> ```
Yes, I figured out how to switch the server to plaintext, and now the client can read the last server message. Now it produces an `(unexpected_message) Received close_notify during handshake` error. The client expects a `user_cancelled` alert first before getting `close_notify` during the handshake.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1769196892