RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v5]
Daniel Jeliński
djelinski at openjdk.org
Wed Mar 20 12:33:20 UTC 2024
On Wed, 20 Mar 2024 12:05:47 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> Got it. Thanks.. CH legacy_session_id uses this check for non-empty sessionId.
>
> just see this comment regards `useCompatibilityMode` - I'd a similar concern. shouldn't useCompatibilityMode be checked no matter what value we get for `clientHello.sessionId.length() `?
`useCompatibilityMode` is a client-side setting. See [the spec](https://www.rfc-editor.org/rfc/rfc8446#page-141):
> if the client sends a non-empty session ID, the server MUST send the change_cipher_spec as described in this appendix.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531998441
More information about the security-dev
mailing list