8190917: SSL session resumption broken for protocols other than TLSv1.2
Xuelei Fan
xuelei.fan at oracle.com
Fri Nov 10 16:11:49 UTC 2017
On 11/9/2017 9:00 PM, Jaikiran Pai wrote:
> (Moved from jdk9-dev list[1] to here)
>
> I would like to contribute a patch, containing a potential fix and a
> test case, to the issue reported at
> https://bugs.openjdk.java.net/browse/JDK-8190917. This is going to be my
> first contribution to OpenJDK, so I would need some guidance/help in
> having this reviewed/merged, please.
>
> To give a quick overview of this specific bug - the issue relates to SSL
> session resumption which is no longer functional in Java 9 for SSL
> protocols other than TLSv1.2. The JIRA itself has more extensive details
> and a test case which reproduces the issue.
>
> So far, I have followed various documentation to setup and build OpenJDK
> locally. I have completed the following set of basic tasks:
>
> - Checked out the mercurial repo for jdk
> (http://hg.openjdk.java.net/jdk/jdk)
> - Built the JDK locally, following the instructions under
> doc/building.md
> - Run some of the basic tests successfully
>
> I have also signed and submitted the Oracle Contributor Agreement in a
> mail a few hours back.
>
> Right now I have the patch with the potential fix ready and also have a
> (jtreg) testcase which reproduces the issue and verifies the bug fix. I
> would like to understand what my next steps should be. More specifically:
>
> 1. How do I initiate a review of the proposed change? Should I
> start a new discussion, in this very mailing list, with the subject line
> having [PATCH], an attachment with the patch and the details about the
> change? Or should I be attaching the proposed change in this current
> discussion itself?
>
Per the "3. Submit a patch" section of the "How to contribute" page [2],
I may start patch with a subject line of the form "[PATCH] 8190917: Java
9 regression : SSL session resumption, through handshake, in SSLEngine
is broken for any protocols lesser than TLSv1.2". See more of "3.
Submit a patch" section about what should be contained in the patch mail.
> 2. The "How to contribute" guide states "Your patch must be built
> and tested on all relevant platforms before submission." I use Mac OS
> for development and that's the only system I have access to. Would I be
> required to test this change on other *nix and Windows OS?
>
I would not submit a patch without test on all relevant platforms. If
you only have one platform, you may want to work with your sponsor or
other contributors for the testing on the relevant platforms.
Xuelei
> [1]
> http://mail.openjdk.java.net/pipermail/jdk9-dev/2017-November/006050.html
> [2] http://openjdk.java.net/contribute/
>
> -Jaikiran
>
More information about the security-dev
mailing list