On Wed, 20 Aug 2025 18:11:24 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Daniel Fuchs has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 616 commits: >> >> - merge latest changes from master branch >> - merge latest http3 changes >> - Hide internal classes >> - quic: Do not decrypt 1-RTT packets until the TLS handshake is complete >> - quic: remove unused fields >> - Make final fields static >> - Remove unused variable >> - merge latest changes from master branch >> - http3: update summary in H3SimpleTest.java >> - http3: review feedback - use copy() instead of >> thenApply(Function.identity()) >> - ... and 606 more: https://git.openjdk.org/jdk/compare/908f3c96...e0aa68c9 > > src/java.base/share/classes/sun/security/ssl/ServerHello.java line 800: > >> 798: // a ServerHello or a HelloRetryRequest. >> 799: // (RFC 8446, Appendix D.4) >> 800: if (clientHello.sessionId.length() != 0) { > > What's the reason for this change? A short comment would be helpful. `changeWriteCiphers` changes the write cipher and may send a change_cipher_spec message. `encodeChangeCipherSpec` just sends the message without touching the write cipher. TLS doesn't need to change the write ciphers when processing a HelloRetry; it's already using null cipher, and there are no keys we could use anyway. QUIC on the other hand encrypts initial packets, and switching to null cipher would be against the spec. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2290472769
