8360539: DTLS handshakes fails due to improper cookie validation logic

artur-oracle · artur-oracle · commit a471fe992fc0 · 2025-06-27T14:15:55.000Z
Reviewed-by: ascarpino, hchao
diff --git a/src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java b/src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -187,7 +187,7 @@ boolean isCookieValid(ServerHandshakeContext context,
             byte[] secret;
             d10ManagerLock.lock();
             try {
-                if (((cookieVersion >> 24) & 0xFF) == cookie[0]) {
+                if ((byte) ((cookieVersion >> 24) & 0xFF) == cookie[0]) {
                     secret = cookieSecret;
                 } else {
                     secret = legacySecret;  // including out of window cookies
