RFR: 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body
Alice Pellegrini
duke at openjdk.org
Tue Sep 23 09:59:43 UTC 2025
According to RFC 8446 section 5.4, third paragraph
> Application Data records may contain a zero-length
> TLSInnerPlaintext.content if the sender desires. This permits
> generation of plausibly sized cover traffic in contexts where the
> presence or absence of activity may be sensitive. Implementations
> MUST NOT send Handshake and Alert records that have a zero-length
> TLSInnerPlaintext.content; if such a message is received, the
> receiving implementation MUST terminate the connection with an
> "unexpected_message" alert.
The proposed change removes an off by 1 error in the SSLCipher implementation, forces the correct Alert message to be sent in response to zero-length Alert fragments, as well as updating some tests which detected the BadPaddingException but now detect a SSLProtocolException, which is thrown by `TransportContext.fatal`
-------------
Commit messages:
- clearer error message and test fix
- 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body
Changes: https://git.openjdk.org/jdk/pull/27438/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27438&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8366454
Stats: 17 lines in 4 files changed: 10 ins; 0 del; 7 mod
Patch: https://git.openjdk.org/jdk/pull/27438.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27438/head:pull/27438
PR: https://git.openjdk.org/jdk/pull/27438
More information about the security-dev
mailing list