On Wed, 20 Mar 2024 10:49:55 GMT, Sibabrata Sahoo <ssa...@openjdk.org> wrote:
>> Prasadrao Koppula has updated the pull request incrementally with one >> additional commit since the last revision: >> >> JDK-8326643 > > test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 98: > >> 96: >> 97: // client consumes ServerHello/HelloRetryRequest >> 98: clientResult = clientEngine.unwrap(sTOc, clientIn); > > May be it would be nice to ensure it really received a HRR record when > isHRRTest=true by checking the Handshake record attribute content > Random=“cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c” > which is SHA-256("HelloRetryRequest") Great suggestion. According to the RFC, in middlebox compatibility mode, the Server should send CCS for all the first handshake messages. Currently, those include HRR and SH. I don't think it's wise to validate all the first handshake messages from the Server in this test. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533153847