RFR: 8341346: Add support for exporting TLS Keying Material [v15]
Daniel Jeliński
djelinski at openjdk.org
Wed May 14 19:19:54 UTC 2025
On Wed, 14 May 2025 04:03:44 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
>
> Merged with changes for JDK-8353578
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 329:
> 327: */
> 328:
> 329: SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
this constructor is used for session resumption using deserialized stateless session tickets. AFAICT the resumed session uses a new set of exporter secrets (exporterMasterSecret is overwritten during processing of the Finished message, not sure about the randoms). Does it make any sense to store the original exporter secrets in the stateless ticket?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2089580932
More information about the net-dev
mailing list