RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v5]
Prasadrao Koppula
pkoppula at openjdk.org
Thu Mar 21 01:33:20 UTC 2024
On Wed, 20 Mar 2024 11:55:36 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> Prasadrao Koppula has updated the pull request incrementally with one additional commit since the last revision:
>>
>> JDK-8326643
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 802:
>
>> 800: // a ServerHello or a HelloRetryRequest.
>> 801: //(RFC 8446, Appendix D.4)
>> 802: shc.conContext.outputRecord.changeWriteCiphers(
>
> the JDK exposes middlebox compatibility mode via the `jdk.tls.client.useCompatibilityMode` property. Is that a factor for this fix ?
No, in that case, clientHello.sessionId.length() will be zero, and it won't send CCS.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533128211
More information about the security-dev
mailing list