RFR: 8341346: Add support for exporting TLS Keying Material [v15]
Bradford Wetmore
wetmore at openjdk.org
Wed May 14 21:44:55 UTC 2025
On Wed, 14 May 2025 19:17:15 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Merged with changes for JDK-8353578
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 329:
>
>> 327: */
>> 328:
>> 329: SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
>
> this constructor is used for session resumption using deserialized stateless session tickets. AFAICT the resumed session uses a new set of exporter secrets (exporterMasterSecret is overwritten during processing of the Finished message, not sure about the randoms). Does it make any sense to store the original exporter secrets in the stateless ticket?
Good catch, I am 99% convinced neither is not needed. I'll be removing these changes.
For TLS 1.3, the exporter is recalculated at the end of the handshake for the new session.
For 1-1.2, the Session is indeed pulled from the serialized form, but the new session's Hello Random values are used with the existing MasterSecret to load the `TlsKeyMaterialParameterSpec` and obtain all of the keying material.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2089796579
More information about the net-dev
mailing list