RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]
Artur Barashev
abarashev at openjdk.org
Fri Sep 27 19:22:37 UTC 2024
On Fri, 27 Sep 2024 18:56:49 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Use 'useTLS13PlusSpec()' instead of comparing the version to TLS13. This improves the odds that we won't need to fix this issue again when TLS1.4 comes out
>
> src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 144:
>
>> 142: }
>> 143:
>> 144: plaintexts = new Plaintext[]{
>
> do we need to advance the position of the input buffer here?
You mean the `packet` buffer? No, it has 2 bytes remaining as it should.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1779058350