RFR JDK-8214129: SSL session resumption/SNI with TLS1.2 causes StackOverflowError

Jamil Nimeh jamil.j.nimeh at oracle.com
Wed Dec 5 23:59:54 UTC 2018


Hello all,

This fix covers an issue where large numbers of TLS 1.2 session 
resumptions were causing a StackOverflowError to occur.  This was 
happening because the SSLSessionImpl constructor creates a new 
unmodifiableList from the SNI list attached to the HandshakeContext.  
Since that is also an unmodifiableList, you get a new level of nesting 
of lists with each successive instantiation of SSLSessionImpl.  
Eventually it grows to the point that an iteration of the list causes a 
stack overflow.

Bug: https://bugs.openjdk.java.net/browse/JDK-8214129

Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8214129/webrev.01/

Thanks,

--Jamil
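
The nesting described in the message, reproduced as an added example (not code from the JDK or from the webrev). `ReadOnlyView` is a hypothetical delegating wrapper standing in for the unmodifiable-list wrapper, the host name and resumption count are constructed, and `resumeByCopying` is one assumed way to keep the depth constant, not the change under review.

```java
import java.util.AbstractList;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class NestedSniListDemo {
    // Hypothetical stand-in for a read-only wrapper: every call is delegated
    // to the wrapped list, so each extra wrapper adds one stack frame per call.
    static final class ReadOnlyView<T> extends AbstractList<T> {
        private final List<T> inner;
        ReadOnlyView(List<T> inner) { this.inner = inner; }
        @Override public T get(int i) { return inner.get(i); }
        @Override public int size() { return inner.size(); }
    }

    // Each simulated resumption wraps the previous session's list again.
    static List<String> resumeByWrapping(List<String> sni, int resumptions) {
        for (int i = 0; i < resumptions; i++) {
            sni = new ReadOnlyView<>(sni);
        }
        return sni;
    }

    // Each simulated resumption copies the entries first (assumed mitigation),
    // so the result is always one wrapper over a plain ArrayList.
    static List<String> resumeByCopying(List<String> sni, int resumptions) {
        for (int i = 0; i < resumptions; i++) {
            sni = Collections.unmodifiableList(new ArrayList<>(sni));
        }
        return sni;
    }

    // Iterating calls size()/get(), which recurse through every wrapper level.
    static boolean overflowsOnIteration(List<String> list) {
        try {
            for (String name : list) { /* touch each element */ }
            return false;
        } catch (StackOverflowError e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed sample SNI list with a single placeholder host name.
        List<String> sni = new ArrayList<>(Collections.singletonList("host.example"));
        int resumptions = 1_000_000; // constructed count, deep enough to exhaust a default stack
        System.out.println("wrapping overflows: " + overflowsOnIteration(resumeByWrapping(sni, resumptions)));
        System.out.println("copying overflows:  " + overflowsOnIteration(resumeByCopying(sni, resumptions)));
    }
}
```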



