RFR: 8341346: Add support for exporting TLS Keying Material [v15]
Bradford Wetmore
wetmore at openjdk.org
Thu May 15 00:00:58 UTC 2025
On Wed, 14 May 2025 21:42:06 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 329:
>>
>>> 327: */
>>> 328:
>>> 329: SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
>>
>> this constructor is used for session resumption using deserialized stateless session tickets. AFAICT the resumed session uses a new set of exporter secrets (exporterMasterSecret is overwritten during processing of the Finished message, not sure about the randoms). Does it make any sense to store the original exporter secrets in the stateless ticket?
>
> Good catch, I am 99% convinced neither is not needed. I'll be removing these changes.
>
> For TLS 1.3, the exporter is recalculated at the end of the handshake for the new session.
>
> For 1-1.2, the Session is indeed pulled from the serialized form, but the new session's Hello Random values are used with the existing MasterSecret to load the `TlsKeyMaterialParameterSpec` and obtain all of the keying material.
Update, will push soon.
Had to move the random capture locations, as they need to capture the new client/server randoms instead of when the PMS is calculated.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2089922075
More information about the net-dev
mailing list