RFR: 8341346: Add support for exporting TLS Keying Material [v13]
Bradford Wetmore
wetmore at openjdk.org
Thu May 15 00:29:54 UTC 2025
On Tue, 13 May 2025 21:44:21 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 16 commits:
>>
>> - Merge branch 'master' into JDK-8341346
>> - Missed one review comment
>> - More codereview comments
>> - Merge branch 'master' into JDK-8341346
>> - Adjustments made for JDK-8350830
>> - Merge branch 'master' into JDK-8341346
>> - Rework to avoid PKCS11 data extraction problems, and enhanced input verification and unit testing
>> - More Codereview comments
>> - Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 for compilation)
>> - Add in the SharedSecrets SecretKeySpec clearing mechanism
>> - ... and 6 more: https://git.openjdk.org/jdk/compare/d1543429...87ad9ead
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1583:
>
>> 1581: // Calculations are primarily based on protocol version.
>> 1582: switch (protocolVersion) {
>> 1583: case TLS13: // HKDF-based
>
> Should we also handle `TLS13Plus` versions here?
I like the enumeration as it's possible there could be new behavior with TLS14Plus, but this might save a few minutes down the road, so I've changed it.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2089938492
More information about the net-dev
mailing list