If the SSLEngine client receives a fatal alert, an exception for
Alerts.alert_unexpected_message is generated, which is an SSLException,
not for the alert received, which would be an SSLHandshakeException.
Is this intentional? If not, the attached patch fixes that.
I see this when the client receives an inappropriate_fallback alert with
my TLS_FALLBACK_SCSV patch, but I can't see a reason why the behavior
for other alerts would be different.
--
Florian Weimer / Red Hat Product Security
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
@@ -1833,10 +1839,7 @@
} else { // fatal or unknown level
String reason = "Received fatal alert: "
+ Alerts.alertDescription(description);
- if (closeReason == null) {
- closeReason = Alerts.getSSLException(description, reason);
- }
- fatal(Alerts.alert_unexpected_message, reason);
+ fatal(description, reason);
}
}
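Review bot: the hunk drops the `closeReason = Alerts.getSSLException(description, reason)` assignment without replacing it; unless `fatal(description, reason)` itself records the exception in `closeReason`, any later path that reports the close reason will now see `null` for a peer-initiated fatal alert. Please confirm that `fatal()` sets `closeReason` from its `description` argument, or keep the `if (closeReason == null)` block alongside the new `fatal(description, reason)` call. Also, `fatal()` now receives the peer's alert description instead of `Alerts.alert_unexpected_message`; if `fatal()` transmits its `description` argument as an outgoing alert, the engine will echo the received alert (e.g. inappropriate_fallback) back to the peer, which is a wire-level change that should be stated in the change description and covered by a test.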