JDK-8342211 : Insufficient buffer remaining for AEAD cipher fragment
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2024-10-15
  • Updated: 2024-11-04
  • Resolved: 2024-11-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 24
24Resolved
Related Reports
Duplicate :  
JDK-8331682 - Slow networks/Impatient clients can potentially send unencrypted TLSv1.3 alerts that won't parse on the server
Description
During TLS connection, it is possible to throw an exception [1]: 

javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)

The exception message shows Insufficient buffer, but it should never happen in practice for TLS connections.  However, it happens a lot but the message itself does not show up enough information for trouble shooting.

The issue may happen if the connection get interrupted and there is a race condition in the peer and plaintext alert message sent to local.  However, the local may expect a cipher-text instead.

It would be nice to improve the message for better debugging experiences. 

[1]: https://github.com/opensearch-project/security/issues/3299
Comments
Closing as the duplicate of JDK-8331682
04-11-2024
This looks like a manifestation of JDK-8331682, I have a pending PR to address it: https://github.com/openjdk/jdk/pull/21043
16-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/21529 Date: 2024-10-16 05:19:09 +0000
16-10-2024