RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v5]

[Sibabrata Sahoo]

On Wed, 20 Mar 2024 09:55:34 GMT, Prasadrao Koppula <pkoppula at openjdk.org> wrote:

>> JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message.
>> 
>> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a non-empty session ID in the ClientHello message, the server sends a dummy change_cipher_spec (CCS) record immediately after its first handshake message. This may either be after a ServerHello or a HelloRetryRequest.
>> 
>> https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4
>
> Prasadrao Koppula has updated the pull request incrementally with one additional commit since the last revision:
> 
>   JDK-8326643

test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 98:

> 96: 
> 97:             // client consumes ServerHello/HelloRetryRequest
> 98:             clientResult = clientEngine.unwrap(sTOc, clientIn);

May be it would be nice to ensure it really received a HRR record when isHRRTest=true by checking the Handshake record attribute content Random=“cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c” which is SHA-256("HelloRetryRequest")

test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 112:

> 110:             if (isTlsMessage(sTOc, TLS_RECTYPE_CCS)) {
> 111:                 System.out.println("=========== CCS found ===========");
> 112:             }

"else" alignment issue.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531860384
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531847062