From f476138133fa9c847a3e6571458e1d7ed527ff44 Mon Sep 17 00:00:00 2001
From: Xue-Lei Andrew Fan <xuelei@openjdk.org>
Date: Tue, 17 Dec 2019 12:55:36 -0800
Subject: [PATCH] 8235691: Enhance TLS connectivity
Reviewed-by: jnimeh, rhalade, ahgross
---
 .../sun/security/ssl/SSLTransport.java | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java
index adadeb20fb7..32075a3da51 100644
--- a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java
@@ -173,12 +173,24 @@ interface SSLTransport {
 if (plainText == null) {
 plainText = Plaintext.PLAINTEXT_NULL;
- } else {
- // Fill the destination buffers.
- if ((dsts != null) && (dstsLength > 0) &&
- (plainText.contentType ==
- ContentType.APPLICATION_DATA.id)) {
+ } else if (plainText.contentType ==
+ ContentType.APPLICATION_DATA.id) {
+ // check handshake status
+ //
+ // Note that JDK does not support 0-RTT yet. Otherwise, it is
+ // needed to check early_data.
+ if (!context.isNegotiated) {
+ if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) {
+ SSLLogger.warning("unexpected application data " +
+ "before handshake completion");
+ }
+ throw context.fatal(Alert.UNEXPECTED_MESSAGE,
+ "Receiving application data before handshake complete");
+ }
+
+ // Fill the destination buffers.
+ if ((dsts != null) && (dstsLength > 0)) {
 ByteBuffer fragment = plainText.fragment;
 int remains = fragment.remaining();
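Review bot: The new guard in the `else if` branch rests entirely on `context.isNegotiated`, yet the comment above it (`// check handshake status`) does not say what state that flag is expected to hold during a renegotiation or other post-handshake exchange, which this hunk does not show. I would state the invariant in the comment, for example `// Application data is only valid once the initial handshake has completed; reject it earlier so a peer that has not finished the handshake cannot deliver data.`, and record there whether the flag stays set across renegotiation. The warning is gated on `ssl,verbose`, so unless `context.fatal` logs the alert itself the rejected record is visible only at verbose debug level; `SSLLogger.isOn("ssl")` would make it easier to spot when diagnosing a misbehaving peer. The diffstat shows a single file and no regression test, so a test that delivers an application_data record before the handshake finishes would pin this behaviour. The enclosing method starts and ends outside the hunk.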