On Fri, 11 Oct 2024 18:36:50 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Check for unexpected plaintext alert message during TLSv1.3 handshake. This
>> can happen if client doesn't receive ServerHello due to network timeout and
>> tries to close the connection by sending an alert message.
>
> Artur Barashev has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Adjust line length
src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 150:
> 148: int contentLen = Record.getInt16(currentFlight);
> // pos: 3, 4
> 149:
> 150: if (contentLen == 2 &&
> ContentType.ALERT.equals(ContentType.valueOf(contentType))) {
The timeout case could happen during rekeying as well. For rekeying, the
content might be encrypted with previous keys and cannot decrypted with the
current keys. As may void the condition "contentLen == 2".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1805270355
