According to RFC 8446 section 5.4, third paragraph > Application Data records may contain a zero-length > TLSInnerPlaintext.content if the sender desires. This permits > generation of plausibly sized cover traffic in contexts where the > presence or absence of activity may be sensitive. Implementations > MUST NOT send Handshake and Alert records that have a zero-length > TLSInnerPlaintext.content; if such a message is received, the > receiving implementation MUST terminate the connection with an > "unexpected_message" alert.
The proposed change removes an off by 1 error in the SSLCipher implementation, forces the correct Alert message to be sent in response to zero-length Alert fragments, as well as updating some tests which detected the BadPaddingException but now detect a SSLProtocolException, which is thrown by `TransportContext.fatal` ------------- Commit messages: - clearer error message and test fix - 8366454: TLS1.3 server fails with bad_record_mac when receiving encrypted records with empty body Changes: https://git.openjdk.org/jdk/pull/27438/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27438&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8366454 Stats: 17 lines in 4 files changed: 10 ins; 0 del; 7 mod Patch: https://git.openjdk.org/jdk/pull/27438.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27438/head:pull/27438 PR: https://git.openjdk.org/jdk/pull/27438
