RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]
Daniel Jeliński
djelinski at openjdk.org
Thu Mar 21 05:51:19 UTC 2024
On Wed, 20 Mar 2024 12:44:55 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> `useCompatibilityMode` is a client-side setting. See [the spec](https://www.rfc-editor.org/rfc/rfc8446#page-141):
>>> if the client sends a non-empty session ID, the server MUST send the change_cipher_spec as described in this appendix.
>
> thanks - I'd missed that this is used on client side only
Just for completeness, QUIC is using a non-null cipher for client/server hello, so setting a null cipher here would break it. But then, QUIC forbids middlebox compatibility mode, so this shouldn't be an issue.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533280143
More information about the security-dev
mailing list