On Wed, 20 Mar 2024 09:55:34 GMT, Prasadrao Koppula <pkopp...@openjdk.org> wrote:
>> JDK server does not send a dummy change_cipher_spec record after >> HelloRetryRequest message. >> >> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a >> non-empty session ID in the ClientHello message, the server sends a dummy >> change_cipher_spec (CCS) record immediately after its first handshake >> message. This may either be after a ServerHello or a HelloRetryRequest. >> >> https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4 > > Prasadrao Koppula has updated the pull request incrementally with one > additional commit since the last revision: > > JDK-8326643 test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 98: > 96: > 97: // client consumes ServerHello/HelloRetryRequest > 98: clientResult = clientEngine.unwrap(sTOc, clientIn); May be it would be nice to ensure it really received a HRR record when isHRRTest=true by checking the Handshake record attribute content Random=“cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c” which is SHA-256("HelloRetryRequest") test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 112: > 110: if (isTlsMessage(sTOc, TLS_RECTYPE_CCS)) { > 111: System.out.println("=========== CCS found ==========="); > 112: } "else" alignment issue. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531860384 PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531847062
