RFR: 8366244: TLS1.3 ChangeCipherSpec message received after the client's Finished message should trigger a connection abort with "unexpected message" [v2]

Artur Barashev abarashev at openjdk.org
Mon Sep 29 16:43:13 UTC 2025


> According to the TLS specification, RFC 8446 section 5,
> 
> An implementation may receive an unencrypted record of type
>    change_cipher_spec consisting of the single byte value 0x01 at any
>    time after the first ClientHello message has been sent or received
>    and before the peer's Finished message has been received and MUST
>    simply drop it without further processing. Note that this record may
>    appear at a point at the handshake where the implementation is
>    expecting protected records, and so it is necessary to detect this
>    condition prior to attempting to deprotect the record. An
>    implementation which receives any other change_cipher_spec value or
>    which receives a protected change_cipher_spec record MUST abort the
>    handshake with an "unexpected_message" alert. If an implementation
>    detects a change_cipher_spec record received before the first
>    ClientHello message or after the peer's Finished message, it MUST be
>    treated as an unexpected record type (though stateless servers may
>    not be able to distinguish these cases from allowed cases).
> 
> 
> However, the TLS implementation ignores a CCS message received after the client's Finished, instead of sending an alert(fatal, unexpected_message) and aborting the connection.

Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:

  Address review comments

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/27529/files
  - new: https://git.openjdk.org/jdk/pull/27529/files/a05ae5ff..98bc45e4

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=27529&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27529&range=00-01

  Stats: 16 lines in 1 file changed: 8 ins; 0 del; 8 mod
  Patch: https://git.openjdk.org/jdk/pull/27529.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27529/head:pull/27529

PR: https://git.openjdk.org/jdk/pull/27529
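
The RFC 8446 section 5 rule quoted in this message, written out as a record-level decision function. This is an added example, not code from the pull request or from the JDK; the class name, the `State` flags and the `Action` values are assumptions made for illustration, and the sample records are constructed.

```java
// Added illustration of RFC 8446 section 5 change_cipher_spec handling (Java 16+).
public class CcsRecordCheck {
    enum Action { DROP, ABORT_UNEXPECTED_MESSAGE, PROCESS }

    static final int CT_CHANGE_CIPHER_SPEC = 20;

    // Hypothetical handshake-state flags; the names are assumptions for this example.
    record State(boolean clientHelloSeen, boolean peerFinishedReceived) {}

    /** Decide on a raw record BEFORE attempting to deprotect it. */
    static Action onRawRecord(State s, byte[] rec) {
        if (rec.length < 5) throw new IllegalArgumentException("short record header");
        int type = rec[0] & 0xFF;
        int len = ((rec[3] & 0xFF) << 8) | (rec[4] & 0xFF);
        if (rec.length != 5 + len) throw new IllegalArgumentException("length mismatch");
        if (type != CT_CHANGE_CIPHER_SPEC) return Action.PROCESS;
        // Before the first ClientHello or after the peer's Finished:
        // treated as an unexpected record type.
        if (!s.clientHelloSeen() || s.peerFinishedReceived())
            return Action.ABORT_UNEXPECTED_MESSAGE;
        // Inside that window only the single byte value 0x01 is dropped silently.
        boolean compat = (len == 1 && rec[5] == 0x01);
        return compat ? Action.DROP : Action.ABORT_UNEXPECTED_MESSAGE;
    }

    /** Decide on the inner content type recovered AFTER deprotecting a record. */
    static Action onInnerType(int innerType) {
        // A protected change_cipher_spec is never acceptable.
        return innerType == CT_CHANGE_CIPHER_SPEC
                ? Action.ABORT_UNEXPECTED_MESSAGE : Action.PROCESS;
    }

    static void check(boolean ok) { if (!ok) throw new AssertionError(); }

    public static void main(String[] args) {
        byte[] ccs = {20, 3, 3, 0, 1, 1};       // constructed: CCS record, payload 0x01
        byte[] badCcs = {20, 3, 3, 0, 1, 2};    // constructed: CCS record, payload 0x02
        State fresh = new State(false, false);  // no ClientHello yet
        State mid = new State(true, false);     // handshake in progress
        State done = new State(true, true);     // peer's Finished already received
        check(onRawRecord(mid, ccs) == Action.DROP);
        check(onRawRecord(mid, badCcs) == Action.ABORT_UNEXPECTED_MESSAGE);
        check(onRawRecord(fresh, ccs) == Action.ABORT_UNEXPECTED_MESSAGE);
        check(onRawRecord(done, ccs) == Action.ABORT_UNEXPECTED_MESSAGE); // the case in this PR
        check(onInnerType(CT_CHANGE_CIPHER_SPEC) == Action.ABORT_UNEXPECTED_MESSAGE);
        System.out.println("all RFC 8446 section 5 CCS cases behave as expected");
    }
}
```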

