On Mon, 30 Sep 2024 07:16:38 GMT, Daniel Jeliński <[email protected]> wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Use 'useTLS13PlusSpec()' instead of comparing the version to TLS13. This
>> improves the odds that we won't need to fix this issue again when TLS1.4
>> comes out
>
> src/java.base/share/classes/sun/security/ssl/SSLTransport.java line 133:
>
>> 131:
>> context.handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
>> 132: ByteBuffer packet = srcs[srcsOffset].duplicate();
>> 133: packet.position(0);
>
> Can we assume that this position will always be zero, or do we need to store
> the initial position before calling inputRecord.decode?
I think we can't, good catch. It is unlikely that the alert will be following
another command in the buffer but it is technically possible. I'll make a
change.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21043#discussion_r1781294663
