RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v3]

Artur Barashev duke at openjdk.org
Mon Sep 23 13:59:36 UTC 2024


On Sat, 21 Sep 2024 17:42:41 GMT, Bernd <duke at openjdk.org> wrote:

> > It was an encrypted message while client expected a plaintext, we weren't misled by `plaintext` in the exception message.
> 
> In that case the title of the issue is wrong. (And also the message of the exception does not match „it was encrypted“.)

The situation is described in https://bugs.openjdk.org/browse/JDK-8331682. The problem is that the client doesn't receive `serverHello` due to a network timeout, so the client is still using plaintext while the server has already switched to encrypted mode. The server then gets an unencrypted alert message from the client, which results in a decryption error.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/21043#issuecomment-2368350584
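The state mismatch described in the message above, as an added example that is not part of the thread and not the JDK's record layer or the fix in this PR. It models a server that installs handshake traffic keys as soon as it has sent ServerHello, and a client whose write side is still plaintext because ServerHello never arrived. The authenticated encryption is a constructed HMAC-based stand-in for AES-GCM so the script runs on the standard library alone; the key, the ClientHello bytes and the `close_notify` alert are constructed values; and the `unauthenticated_alert` classification is an assumed diagnostic for logging, not what the JDK does.

```python
import hashlib
import hmac
import struct

# TLS record content types and the legacy version field (RFC 8446).
CT_ALERT = 21
CT_HANDSHAKE = 22
CT_APPLICATION_DATA = 23
LEGACY_VERSION = 0x0303
TAG_LEN = 32  # constructed stand-in for the 16-byte AES-GCM tag

HANDSHAKE_KEY = b"constructed-handshake-traffic-key"  # constructed, not derived


def plaintext_record(content_type: int, payload: bytes) -> bytes:
    """Unprotected TLSPlaintext record: type || version || length || fragment."""
    return struct.pack("!BHH", content_type, LEGACY_VERSION, len(payload)) + payload


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # Toy keystream (HMAC in counter mode) standing in for AES-GCM so the
    # example needs no third-party library; not for real use.
    out = b""
    block = 0
    while len(out) < length:
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def protect_record(key: bytes, seq: int, content_type: int, payload: bytes) -> bytes:
    """TLS 1.3-style TLSCiphertext: inner plaintext = payload || real type, outer type 23."""
    inner = payload + bytes([content_type])
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(key, seq, len(inner))))
    header = struct.pack("!BHH", CT_APPLICATION_DATA, LEGACY_VERSION, len(ct) + TAG_LEN)
    tag = hmac.new(key, header + ct, hashlib.sha256).digest()  # header acts as AAD
    return header + ct + tag


def unprotect_record(key: bytes, seq: int, record: bytes):
    """Verify the tag and strip the inner content type; raises ValueError on failure."""
    header, body = record[:5], record[5:]
    ct, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad_record_mac")
    inner = bytes(a ^ b for a, b in zip(ct, _keystream(key, seq, len(ct))))
    if not inner:
        raise ValueError("decode_error")
    return inner[-1], inner[:-1]


class ServerRecordLayer:
    """Server read side: plaintext until ServerHello is sent, protected afterwards."""

    def __init__(self):
        self.read_key = None
        self.read_seq = 0

    def send_server_hello(self, handshake_key: bytes) -> None:
        # After ServerHello the server installs handshake traffic keys and
        # expects every incoming record to be protected.
        self.read_key = handshake_key
        self.read_seq = 0

    def receive(self, record: bytes):
        content_type, _version, length = struct.unpack("!BHH", record[:5])
        fragment = record[5:5 + length]
        if self.read_key is None:
            return ("plaintext", content_type, fragment)
        try:
            real_type, payload = unprotect_record(self.read_key, self.read_seq, record)
        except ValueError:
            # Assumed diagnostic, not the PR's fix: a 2-byte record with outer
            # type alert that fails authentication is the signature of a client
            # that never saw ServerHello and is still writing plaintext. Its
            # content is unauthenticated, so it is only classified for logging;
            # the caller still tears the connection down with a fatal error.
            if content_type == CT_ALERT and length == 2:
                return ("unauthenticated_alert", fragment[0], fragment[1])
            raise
        self.read_seq += 1
        return ("protected", real_type, payload)


def impatient_client_scenario():
    """Client times out before ServerHello arrives and sends a plaintext alert."""
    server = ServerRecordLayer()
    server.receive(plaintext_record(CT_HANDSHAKE, b"\x01 ClientHello (constructed)"))
    server.send_server_hello(HANDSHAKE_KEY)  # server now reads protected records only
    late_alert = plaintext_record(CT_ALERT, bytes([1, 0]))  # warning, close_notify
    return server.receive(late_alert)


def synchronised_client_scenario():
    """Client did receive ServerHello and protects its alert with the same keys."""
    server = ServerRecordLayer()
    server.send_server_hello(HANDSHAKE_KEY)
    return server.receive(protect_record(HANDSHAKE_KEY, 0, CT_ALERT, bytes([1, 0])))


if __name__ == "__main__":
    print(impatient_client_scenario())
    print(synchronised_client_scenario())
```

In the first scenario the server's tag check fails on the 2-byte alert, which is the decryption error the bug report describes; the classification only helps an operator tell a timed-out client apart from a genuinely corrupted record. Because the alert bytes are not authenticated, nothing in the server's state should change based on their value.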
