Don't pad the second ClientHello.

While the previous CL fixed a bug in computing this padding, we don't
actually need to pad the second (cleartext) ClientHello anyway. This
padding is to work around bugs in old F5 and WebSphere servers, which do
not speak TLS 1.3. Save a few bytes.

Change-Id: I9b5d9bb1c0d880f1b1c9182667a9d3d82588c04c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47999
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 33621a3..9cd9f49 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -3318,7 +3318,8 @@
   }
 
   size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
-  if (!SSL_is_dtls(ssl) && !ssl->quic_method) {
+  if (!SSL_is_dtls(ssl) && !ssl->quic_method &&
+      !ssl->s3->used_hello_retry_request) {
     header_len +=
         SSL3_HM_HEADER_LENGTH + 2 + CBB_len(&extensions) + psk_extension_len;
     size_t padding_len = 0;
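Review bot: the new `!ssl->s3->used_hello_retry_request` term in the `if` condition has no comment, so the reason the padding block is skipped after a HelloRetryRequest lives only in the commit message. Consider a short comment above the condition saying that the padding works around servers that do not speak TLS 1.3, and that such servers never send a HelloRetryRequest, so the second ClientHello does not need it. No test change is visible in this hunk; a check that the second ClientHello is emitted without padding while the first still carries it would guard the three-way condition against later regressions.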