RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v3]
Prasadrao Koppula
pkoppula at openjdk.org
Wed Mar 20 08:29:21 UTC 2024
On Wed, 20 Mar 2024 08:13:14 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>>>
>>
>> IMO, utilizing shc.conContext.outputRecord.changeWriteCiphers() is a cleaner approach, and we've used the same method in other instances.
>
> Thanks for adding the test.
>
> My main concern with using changeWriteCiphers here is that it sends the wrong message to the future readers of this code. It suggests that we want to actually change the cipher, and sending CCS is just a side effect. Note that all other uses of changeWriteCiphers actually change the write ciphers. If you don't want to use the other method, at least add a comment explaining why you're using it here.
Thanks for the review, in the comments I mentioned that, this call sends a dummy change_cipher_spec (CCS) record. I hope, It explains why we are calling it here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531668446
More information about the security-dev
mailing list