On Wed, 18 Sep 2024 11:30:46 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8331682 > > src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 112: > >> 110: >> 111: // Check for unexpected plaintext alert message during TLSv1.3 >> handshake, @bug 8331682 >> 112: if (srcsLength == 1 && context.handshakeContext != null && > > The unencrypted message may only be permitted right after the ClientHello; we > need a better check for that. `handshakeContext` will be non-null after > handling a key_update message, for example. That's a good suggestion, thanks! I'm adding an additional `!context.isNegotiated` check. `isNegotiated` should be always true after the handshake. The `handshakeContext` after handling a `key_update` message would be of `PostHandshakeContext` type, we can also check for that but it seems redundant. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1765694925
