On Wed, 20 Mar 2024 09:52:40 GMT, Sibabrata Sahoo <ssa...@openjdk.org> wrote:
>> Yes, the server produces 2 CCS records in the case of HRR. According to RFC: >> >> "Either side can send change_cipher_spec at any time during the handshake, >> as they must be ignored by the peer, but if the client sends a non-empty >> session ID, the server MUST send the change_cipher_spec as described in this >> appendix." >> >> https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4 > > I am not an expert in this field and expressing one of my thought here and my > assumption could be wrong too. > Shouldn't it check "SSLConfiguration.useCompatibilityMode" or similar for any > change applicable to solve middlebox compatibility issue? (clientHello.sessionId.length() != 0) condition checks for same ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18372#discussion_r1531793243
