changeset 57689:e331a67f4059
8229728: Implement negotiation parameters
Reviewed-by: jnimeh, ahgross, rhalade
author | xuelei |
---|---|
date | Tue, 10 Sep 2019 17:13:48 -0700 |
parents | e5dff6472c29 |
children | 924e6226a24e |
files | src/java.base/share/classes/sun/security/ssl/ClientHello.java |
diffstat | 1 files changed, 9 insertions(+), 0 deletions(-) [+] |
--- a/src/java.base/share/classes/sun/security/ssl/ClientHello.java Mon Aug 26 13:57:51 2019 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHello.java Tue Sep 10 17:13:48 2019 -0700
@@ -1140,6 +1140,15 @@
 ServerHandshakeContext shc = (ServerHandshakeContext)context;
 ClientHelloMessage clientHello = (ClientHelloMessage)message;
 
+ // [RFC 8446] TLS 1.3 forbids renegotiation. If a server has
+ // negotiated TLS 1.3 and receives a ClientHello at any other
+ // time, it MUST terminate the connection with an
+ // "unexpected_message" alert.
+ if (shc.conContext.isNegotiated) {
+ throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+ "Received unexpected renegotiation handshake message");
+ }
+
 // The client may send a dummy change_cipher_spec record
 // immediately after the first ClientHello.
 shc.conContext.consumers.putIfAbsent(
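Review bot: The comment above `if (shc.conContext.isNegotiated)` describes only a connection that already negotiated TLS 1.3, but the flag it tests appears to record that some handshake has completed, not which version was chosen. If this consumer can also be reached when a connection negotiated at an earlier version receives a ClientHello that selects TLS 1.3, the guard is what stops that upgrade, and the comment should say so, for example `// Also applies after an earlier-version handshake: the server MUST NOT negotiate TLS 1.3 on renegotiation (RFC 8446, section 4.1.2).` The enclosing method starts and ends outside the hunk, so this reachability is inferred and worth confirming. The changeset touches only ClientHello.java, so nothing exercises the new abort path. A regression test that sends a second ClientHello on an established connection and expects the `unexpected_message` alert would keep the check from being dropped in a later refactor.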