RFR: 8331682: Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server [v9]
Daniel Jeliński
djelinski at openjdk.org
Mon Sep 30 07:19:38 UTC 2024
On Wed, 25 Sep 2024 20:01:53 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8331682
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Use 'useTLS13PlusSpec()' instead of comparing the version to TLS13. This improves the odds that we won't need to fix this issue again when TLS1.4 comes out
src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 133:
> 131: context.handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
> 132: ByteBuffer packet = srcs[srcsOffset].duplicate();
> 133: packet.position(0);
Can we assume that this position will always be zero, or do we need to store the initial position before calling inputRecord.decode?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1780557347
More information about the security-dev
mailing list