-
Bug
-
Resolution: Fixed
-
P4
-
20
-
None
-
b17
The situation is the ClientHello, the client may use an EC key with bad parameters, this will generate a failure by the server.
When using SSLEngine, it will not send an alert back to the client. It correctly throws an exception during the unwrap() process of the CH and the follow-on wrap() in the catch to abort the connection do not send any data or TLS alert, they return "NEED_UNWRAP" as the server restarts the handshaker.
A failed crypto situation should have generated a TLS alert to bring down the connection instead of restarting the handshaker
When using SSLEngine, it will not send an alert back to the client. It correctly throws an exception during the unwrap() process of the CH and the follow-on wrap() in the catch to abort the connection do not send any data or TLS alert, they return "NEED_UNWRAP" as the server restarts the handshaker.
A failed crypto situation should have generated a TLS alert to bring down the connection instead of restarting the handshaker