RFR: 8341346: Add support for exporting TLS Keying Material [v27]
Hai-May Chao
hchao at openjdk.org
Fri May 30 14:57:57 UTC 2025
On Fri, 30 May 2025 01:25:37 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1494:
>>
>>> 1492: if (exporterMasterSecret == null) {
>>> 1493: throw new RuntimeException(
>>> 1494: "Exporter master secret not captured");
>>
>> Do you want to choose another exception type? Like `ProviderException`. Actually, how unlikely this is? If you believe this would never happen (unless there is a programming error), you can even throw an `AssertionError`.
>>
>> Same question in `useTLS10PlusSpec()` for the two randoms.
>
> @wangweij asked if `SSLSession` are ever in a partially completed state. The answer is yes, during handshaking the `SSLSocket/SSLEngine.getHandshakeSession()` methods can return `SSLSession` that is incomplete. As such, it makes more sense for this to be an `IllegalArgumentException`.
>
> Drafted the CSR, made the update, and refinalized it. Hopefully the wording is acceptable. ;)
Updates look good.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2116081641
More information about the net-dev
mailing list