On Wed, 20 Mar 2024 10:49:55 GMT, Sibabrata Sahoo <ssa...@openjdk.org> wrote:
>> Prasadrao Koppula has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> JDK-8326643
>
> test/jdk/javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java line 98:
>
>> 96:
>> 97: // client consumes ServerHello/HelloRetryRequest
>> 98: clientResult = clientEngine.unwrap(sTOc, clientIn);
>
> May be it would be nice to ensure it really received a HRR record when
> isHRRTest=true by checking the Handshake record attribute content
> Random=“cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c”
> which is SHA-256("HelloRetryRequest")
Great suggestion. According to the RFC, in middlebox compatibility mode, the
Server should send CCS for all the first handshake messages. Currently, those
include HRR and SH. I don't think it's wise to validate all the first handshake
messages from the Server in this test.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1533153847
