From f476138133fa9c847a3e6571458e1d7ed527ff44 Mon Sep 17 00:00:00 2001
From: Xue-Lei Andrew Fan <xuelei@openjdk.org>
Date: Tue, 17 Dec 2019 12:55:36 -0800
Subject: [PATCH] 8235691: Enhance TLS connectivity

Reviewed-by: jnimeh, rhalade, ahgross
---
 .../sun/security/ssl/SSLTransport.java        | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java
index adadeb20fb7..32075a3da51 100644
--- a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java
@@ -173,12 +173,24 @@ interface SSLTransport {
 
             if (plainText == null) {
                 plainText = Plaintext.PLAINTEXT_NULL;
-            } else {
-                // Fill the destination buffers.
-                if ((dsts != null) && (dstsLength > 0) &&
-                        (plainText.contentType ==
-                            ContentType.APPLICATION_DATA.id)) {
+            } else if (plainText.contentType ==
+                            ContentType.APPLICATION_DATA.id) {
+                // check handshake status
+                //
+                // Note that JDK does not support 0-RTT yet.  Otherwise, it is
+                // needed to check early_data.
+                if (!context.isNegotiated) {
+                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) {
+                        SSLLogger.warning("unexpected application data " +
+                            "before handshake completion");
+                    }
 
+                    throw context.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Receiving application data before handshake complete");
+                }
+
+                // Fill the destination buffers.
+                if ((dsts != null) && (dstsLength > 0)) {
                     ByteBuffer fragment = plainText.fragment;
                     int remains = fragment.remaining();