RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v3]
Daniel Jeliński
djelinski at openjdk.org
Wed Mar 20 08:16:19 UTC 2024
On Wed, 20 Mar 2024 07:44:01 GMT, Prasadrao Koppula <pkoppula at openjdk.org> wrote:
>> Thank you, I added a test
>
>>
>
> IMO, utilizing shc.conContext.outputRecord.changeWriteCiphers() is a cleaner approach, and we've used the same method in other instances.
Thanks for adding the test.
My main concern with using changeWriteCiphers here is that it sends the wrong message to the future readers of this code. It suggests that we want to actually change the cipher, and sending CCS is just a side effect. Note that all other uses of changeWriteCiphers actually change the write ciphers. If you don't want to use the other method, at least add a comment explaining why you're using it here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531654271
More information about the security-dev
mailing list