From a471fe992fc0d71ba65b5fdbcc44b97a2783b90a Mon Sep 17 00:00:00 2001
From: Artur Barashev <abarashev@openjdk.org>
Date: Fri, 27 Jun 2025 14:15:55 +0000
Subject: [PATCH] 8360539: DTLS handshakes fails due to improper cookie
 validation logic

Reviewed-by: ascarpino, hchao
---
 .../share/classes/sun/security/ssl/HelloCookieManager.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java b/src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java
index 5c2a09b7c03..b3155f5170a 100644
--- a/src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java
+++ b/src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -187,7 +187,7 @@ abstract class HelloCookieManager {
             byte[] secret;
             d10ManagerLock.lock();
             try {
-                if (((cookieVersion >> 24) & 0xFF) == cookie[0]) {
+                if ((byte) ((cookieVersion >> 24) & 0xFF) == cookie[0]) {
                     secret = cookieSecret;
                 } else {
                     secret = legacySecret;  // including out of window cookies