On Wed, 20 Mar 2024 09:33:56 GMT, Prasadrao Koppula <pkopp...@openjdk.org> wrote:
>> Will it produce 2 ChangeCipherSpec record. One after HRR and other after SH? > > Yes, the server produces 2 CCS records in the case of HRR. According to RFC: > > "Either side can send change_cipher_spec at any time during the handshake, as > they must be ignored by the peer, but if the client sends a non-empty session > ID, the server MUST send the change_cipher_spec as described in this > appendix." > > https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4 I am not an expert in this field and expressing one of my thought here and my assumption could be wrong too. Shouldn't it check "SSLConfiguration.useCompatibilityMode" for any change applicable to solve middlebox issue? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531783071
