RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]
John Jiang
jjiang at openjdk.org
Thu Mar 21 03:30:23 UTC 2024
On Thu, 21 Mar 2024 02:03:39 GMT, Prasadrao Koppula <pkoppula at openjdk.org> wrote:
>> JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message.
>>
>> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a non-empty session ID in the ClientHello message, the server sends a dummy change_cipher_spec (CCS) record immediately after its first handshake message. This may either be after a ServerHello or a HelloRetryRequest.
>>
>> https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4
>
> Prasadrao Koppula has updated the pull request incrementally with one additional commit since the last revision:
>
> JDK-8326643
test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 141:
> 139: boolean foundMsg = false;
> 140:
> 141: if (srcRecord.hasRemaining()) {
If `srcRecord` has no more content, the method could return immediately, then no need this big `if` block.
if (!srcRecord.hasRemaining()) {
return false;
}
test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 152:
> 150: // For any zero-length recParams, making sure the requested
> 151: // type is sufficient.
> 152: if (recParams.length == 0) {
I'm confused by the method `isTlsMessage`.
It looks `recParams` always empty, since line 105 doesn't pass any value to this parameter.
And `reqRecType` is only `TLS_RECTYPE_CCS`, then what's the purpose of the below switch block (line 155-196)?
test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 192:
> 190: int msgType = (msgHdr >> 24) & 0x000000FF;
> 191: if (msgType == recParams[0]) {
> 192: foundMsg = true;
Looks 192-195 lines have indent issue.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533192360
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533203800
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533193256
More information about the security-dev
mailing list