RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]
Sean Coffey
coffeys at openjdk.org
Thu Mar 21 07:26:21 UTC 2024
On Thu, 21 Mar 2024 02:03:39 GMT, Prasadrao Koppula <pkoppula at openjdk.org> wrote:
>> JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message.
>>
>> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a non-empty session ID in the ClientHello message, the server sends a dummy change_cipher_spec (CCS) record immediately after its first handshake message. This may either be after a ServerHello or a HelloRetryRequest.
>>
>> https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4
>
> Prasadrao Koppula has updated the pull request incrementally with one additional commit since the last revision:
>
> JDK-8326643
LGTM. The `isTlsMessage` test method seems to be repeated across a few tests now. Any fix up here is lost on the other tests calling identical code.
In a follow on PR, it might be an idea to extract that out into a test library utility call.
-------------
Marked as reviewed by coffeys (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/18372#pullrequestreview-1950937483
More information about the security-dev
mailing list