Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8293176

SSLEngine handshaker does not send an alert after a bad parameters

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P4
    • 22
    • 20
    • security-libs
    • None

    Description

      The situation is the ClientHello, the client may use an EC key with bad parameters, this will generate a failure by the server.

      When using SSLEngine, it will not send an alert back to the client. It correctly throws an exception during the unwrap() process of the CH and the follow-on wrap() in the catch to abort the connection do not send any data or TLS alert, they return "NEED_UNWRAP" as the server restarts the handshaker.

      A failed crypto situation should have generated a TLS alert to bring down the connection instead of restarting the handshaker

      Attachments

        Issue Links

          Activity

            People

              djelinski Daniel Jelinski
              ascarpino Anthony Scarpino
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: