RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v5]
Sean Coffey
coffeys at openjdk.org
Wed Mar 20 12:47:20 UTC 2024
On Wed, 20 Mar 2024 12:31:02 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> just see this comment regards `useCompatibilityMode` - I'd a similar concern. shouldn't useCompatibilityMode be checked no matter what value we get for `clientHello.sessionId.length() `?
>
> `useCompatibilityMode` is a client-side setting. See [the spec](https://www.rfc-editor.org/rfc/rfc8446#page-141):
>> if the client sends a non-empty session ID, the server MUST send the change_cipher_spec as described in this appendix.
thanks - I'd missed that this is used on client side only
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1532015664
More information about the security-dev
mailing list