RFR: 8341346: Add support for exporting TLS Keying Material [v10]

Weijun Wang weijun at openjdk.org
Tue May 13 13:09:53 UTC 2025


On Tue, 13 May 2025 12:26:54 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> I was following the SecretKey.getEncoded() style.  I see now that KDF.deriveData() does do UOE.  
>> 
>> I could go either way on this.  I do need to make this consistent, I have TLSv1.3 using KDF style, and TLSv1-TLSv1.2 using the null.
>
> It seems like it should be an exception, whatever you decide to do. The caller is asking for the keying material data, and the provider cannot fulfill that request, so I think explaining why it could not be done would be best represented in an exception.

+1 for UOE. It's not that we got a key and found it un-extractable. It's that we asked for data but were refused.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2086786782

