On Wed, 20 Aug 2025 16:21:42 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/Finished.java line 852:
>>
>>> 850:         QuicTLSEngineImpl engine =
>>> 851:                 (QuicTLSEngineImpl) shc.conContext.transport;
>>> 852:         engine.deriveOneRTTKeys();
>>
>> We should not derive the server's 1RTT read keys before processing the client's Finished message.
>>
>> Also, we could skip calculating the SSL WriteCipher when QUIC is in use.
>> Also, we're calculating the baseWriteSecret twice (deriveOneRTTKeys calculates the same secret).
>
> We decided to do this as a follow-up after the JEP is integrated. In the meantime, in https://github.com/openjdk/jdk/pull/24751/commits/8d22ca7334da8d8b49d0634ea2f23bd409613928, we now introduce a check where the endpoint doesn't decrypt an incoming 1-RTT packet until the TLS handshake is complete. This matches what RFC-9001 specifies.
>
> @dfuch, @djelinski I think we can mark this conversation as resolved.

Logged as https://bugs.openjdk.org/browse/JDK-8365872 (thanks @jaikiran)

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2288810658