RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v3]

Artur Barashev duke at openjdk.org
Sat Sep 21 00:40:38 UTC 2024


On Fri, 20 Sep 2024 19:18:25 GMT, Bernd <duke at openjdk.org> wrote:

> Sorry the review dropped my actual comment, what I wanted to comment is that the “maybe plaintext connection” is a red herring in the exception message, the only time when it should assume plaintext bytes being the reason for a corrupt message is the first packet from the peer - as this is a fairly common config issue, once both sides sent a few valid SSL packets it would be misleading to suggest it’s plaintext (at least without exactly the analysis of complete alert structure?)

It was an encrypted message while the client expected plaintext; we weren't misled by `plaintext` in the exception message.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/21043#issuecomment-2364784515

