src/java.base/share/classes/sun/security/ssl/ServerHello.java
branchJDK-8145252-TLS13-branch
changeset 56614 1fc6a8df1958
parent 56603 f103e0c2be1e
child 56702 75527e40bdfd
--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java	Fri May 25 14:24:17 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java	Sat May 26 15:15:27 2018 -0700
@@ -344,12 +344,11 @@
             }
 
             // Generate the ServerHello handshake message.
-            // TODO: not yet consider downgrade protection.
             ServerHelloMessage shm = new ServerHelloMessage(shc,
                     shc.negotiatedProtocol,
                     shc.handshakeSession.getSessionId(),
                     shc.negotiatedCipherSuite,
-                    new RandomCookie(shc.sslContext.getSecureRandom()),
+                    new RandomCookie(shc),
                     clientHello);
             shc.serverHelloRandom = shm.serverRandom;
 
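Review bot: Removing the `TODO: not yet consider downgrade protection` line leaves this method with no hint of where downgrade protection now lives; a reader sees only that the server random is built from `shc` instead of `shc.sslContext.getSecureRandom()`. If the `RandomCookie(shc)` constructor is what writes the downgrade sentinel into the last bytes of the server random, say so at the call site, e.g. `// RandomCookie(shc) also encodes the protocol-downgrade sentinel (RFC 8446 section 4.1.3)`, after confirming that against RandomCookie. The same applies to the next hunk, where the TLS 1.3 ServerHello (sent with the legacy TLS12 version) replaces the TODO with a generic "Generate the ServerHello handshake message." comment. The enclosing method starts before this hunk.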
@@ -557,12 +556,12 @@
             shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
                     SSLHandshake.FINISHED);
 
-            // TODO: not yet consider downgrade protection.
+            // Generate the ServerHello handshake message.
             ServerHelloMessage shm = new ServerHelloMessage(shc,
                     ProtocolVersion.TLS12,      // use legacy version
                     clientHello.sessionId,      // echo back
                     shc.negotiatedCipherSuite,
-                    new RandomCookie(shc.sslContext.getSecureRandom()),
+                    new RandomCookie(shc),
                     clientHello);
             shc.serverHelloRandom = shm.serverRandom;
 
@@ -959,6 +958,11 @@
                     "Negotiated protocol version: " + serverVersion.name);
             }
 
+            if (serverHello.serverRandom.isVersionDowngrade(chc)) {
+                chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+                    "A potential protocol versoin downgrade attack");
+            }
+
             // Consume the handshake message for the specific protocol version.
             if (serverVersion.isDTLS) {
                 if (serverVersion.useTLS13PlusSpec()) {
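Review bot: The diagnostic string passed to the new fatal() call has a typo, `versoin`; this text ends up in the exception or log a user sees, so it should read `"A potential protocol version downgrade attack");`. ILLEGAL_PARAMETER is the alert RFC 8446 prescribes when the client detects a downgrade sentinel, so the alert choice itself is right. The guard also assumes `chc.conContext.fatal(...)` never returns; if it can return in this branch, the consume path below would keep processing a ServerHello already flagged as a downgrade, so either confirm fatal() always throws or add an explicit `return;` after it. The enclosing method starts before this hunk.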