8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Reviewed-by: djelinski, coffeys, jjiang, ascarpino
Prasadrao Koppula 2024-03-22 07:02:37 +00:00 committed by Sean Coffey
parent 9bc741d04f
commit d44aaa37f9
2 changed files with 294 additions and 1 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -794,6 +794,15 @@ final class ServerHello {
hhrm.write(shc.handshakeOutput);
shc.handshakeOutput.flush();
// In TLS1.3 middlebox compatibility mode the server sends a
// dummy change_cipher_spec record immediately after its
// first handshake message. This may either be after
// a ServerHello or a HelloRetryRequest.
// (RFC 8446, Appendix D.4)
shc.conContext.outputRecord.changeWriteCiphers(
SSLWriteCipher.nullTlsWriteCipher(),
(clientHello.sessionId.length() != 0));
// Stateless, shall we clean up the handshake context as well?
shc.handshakeHash.finish(); // forgot about the handshake hash
shc.handshakeExtensions.clear();
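Review bot: The added `changeWriteCiphers(...)` call after the HelloRetryRequest flush keys the dummy change_cipher_spec on `clientHello.sessionId.length() != 0`, and if the ServerHello path (outside this hunk) uses the same condition, a handshake that goes through a retry would emit two CCS records, whereas the comment cites RFC 8446 Appendix D.4 for one record after the first handshake message. Receivers are required to drop such records, so this is most likely harmless, but it is worth confirming the ServerHello path and having the test count CCS records across an HRR handshake. The call also reads as if the write cipher were changing; a line such as `// write cipher stays null (plaintext); this call only emits the CCS when the client sent a non-empty legacy_session_id` above it would make the intent explicit. The enclosing producer method starts and ends outside the hunk.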