RFR: 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body
Alice Pellegrini
duke at openjdk.org
Wed Sep 24 14:32:00 UTC 2025
On Wed, 24 Sep 2025 13:27:54 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Or do we never generate empty plaintexts?
That seems to be the case: both [SSLEngine](https://github.c≈om/openjdk/jdk/blob/735afd93bbdd63d53dc4cec0ac970026ac95cc64/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java#L216-L223) and [SSLSocket](https://github.com/openjdk/jdk/blob/735afd93bbdd63d53dc4cec0ac970026ac95cc64/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java#L1278-L1286) skip them.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/27438#issuecomment-3328830107
More information about the security-dev
mailing list