archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8262509: JSSE Server should check the legacy version in TLSv1.3 ClientHello

Browse source 
Reviewed-by: xuelei, wetmore
This commit is contained in:
John Jiang 2021-03-01 22:26:15 +00:00
parent 642f45f9dc
commit 353416ffca
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/java.base/share/classes/sun/security/ssl/ClientHello.java
View file

@ -1149,6 +1149,11 @@ final class ClientHello {
"Received unexpected renegotiation handshake message"); "Received unexpected renegotiation handshake message");
} }
if (clientHello.clientVersion != ProtocolVersion.TLS12.id) {
throw shc.conContext.fatal(Alert.PROTOCOL_VERSION,
"The ClientHello.legacy_version field is not TLS 1.2");
}
// The client may send a dummy change_cipher_spec record // The client may send a dummy change_cipher_spec record
// immediately after the first ClientHello. // immediately after the first ClientHello.
shc.conContext.consumers.putIfAbsent( shc.conContext.consumers.putIfAbsent(