Re: RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Daniel Jeliński Tue, 19 Mar 2024 02:06:51 -0700

On Tue, 19 Mar 2024 08:43:38 GMT, Prasadrao Koppula <pkopp...@openjdk.org> 
wrote:


>> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 804:
>> 
>>> 802:             shc.conContext.outputRecord.changeWriteCiphers(
>>> 803:                 SSLWriteCipher.nullTlsWriteCipher(),
>>> 804:                     (clientHello.sessionId.length() != 0));
>> 
>> Suggestion:
>> 
>>             if (clientHello.sessionId.length() != 0) {
>>                 shc.conContext.outputRecord.encodeChangeCipherSpec();
>>             }
>
> Unfortunately, we lack separate properties to control named groups in both 
> the server and client. When running server and client threads in the same 
> JVM, manipulating client hello packets to prompt the server to trigger HRR 
> becomes exceedingly challenging.

since [JDK-8281236](https://bugs.openjdk.org/browse/JDK-8281236) / 
5d4c71c8bd361af78c90777f17b79e95d8eb5afe / JDK 20 we have setNamedGroups 
function to control named groups on every endpoint.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1529976574

Re: RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Reply via email to