Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 23
Affects Version/s: 8, 11, 17, 21, 23
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b16
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8329489	22.0.2	Prasadarao Koppula	P3	Resolved	Fixed	b02
JDK-8328787	21.0.4-oracle	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8329405	21.0.4	Goetz Lindenmaier	P3	Resolved	Fixed	b01
JDK-8328816	17.0.12-oracle	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8330349	17.0.12	Goetz Lindenmaier	P3	Resolved	Fixed	b01
JDK-8333689	11.0.25	Martin Doerr	P3	Resolved	Fixed	b01
JDK-8328817	11.0.24-oracle	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8333346	11.0.24	Martin Doerr	P3	Resolved	Fixed	b06
JDK-8328783	8u421	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8328937	8u411	Joakim Nordström	P3	Closed	Fixed	b31
JDK-8328876	8u401	Prasadarao Koppula	P3	Closed	Fixed	b35

JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message.

According to RFC 8446 (Transport Layer Security (TLS) Protocol Version 1.3) Appendix D.4 (Middlebox Compatibility Mode), if the client sends a non-empty session ID in the ClientHello message, the server sends a dummy change_cipher_spec (CCS) record immediately after its first handshake message. This may either be after a ServerHello or a HelloRetryRequest.
https://datatracker.ietf.org/doc/html/rfc8446#appendix-D.4

backported by

JDK-8328783 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8328787 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8328816 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8328817 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8329405 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8329489 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8330349 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8333346 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8333689 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Resolved

JDK-8328876 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Closed

JDK-8328937 JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message

Closed

links to

Commit openjdk/jdk11u/15c9397e

Commit openjdk/jdk17u-dev/cacc30b7

Commit openjdk/jdk21u-dev/2800d8bc

Commit openjdk/jdk22u/f2e1be5a

Commit openjdk/jdk/d44aaa37

Review openjdk/jdk11u/91

Review openjdk/jdk17u-dev/2391

Review openjdk/jdk21u-dev/420

Review openjdk/jdk22u/109

Review openjdk/jdk/18372

(6 backported by, 10 links to)

Assignee:: Prasadarao Koppula (Inactive)

Reporter:: Shadow Bug

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2024-02-26 01:18

Updated:: 2025-03-24 04:02

Resolved:: 2024-03-22 00:05

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates