RFR JDK-8214129: SSL session resumption/SNI with TLS1.2 causes StackOverflowError

Jamil Nimeh jamil.j.nimeh at oracle.com
Thu Dec 6 21:09:00 UTC 2018


Hello everyone,

Updates from Xuelei's comments have been folded into an updated webrev:

http://cr.openjdk.java.net/~jnimeh/reviews/8214129/webrev.02/

Thank you,

--Jamil

On 12/5/18 3:59 PM, Jamil Nimeh wrote:
> Hello all,
>
> This fix covers an issue where large numbers of TLS 1.2 session 
> resumptions were causing a StackOverflowError to occur.  This was 
> happening because the SSLSessionImpl constructor creates a new 
> unmodifiableList from the SNI list attached to the HandshakeContext.  
> Since that is also an unmodifiableList, you get a new level of nesting 
> of lists with each successive instantiation of SSLSessionImpl.  
> Eventually it grows to the point that an iteration of the list causes 
> a stack overflow.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8214129
>
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8214129/webrev.01/
>
> Thanks,
>
> --Jamil
>
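
The nesting described in the quoted message, as an added Java illustration that is not part of the original e-mail or the webrev. `ReadOnlyView`, `wrapAgain`, `copyThenWrap` and the host name are hypothetical names constructed for this sketch, and the copy-before-wrap variant is an assumption about one way to keep the depth constant, not a description of the actual change.

```java
import java.util.AbstractList;
import java.util.ArrayList;
import java.util.List;

// Added illustration, not JDK code. ReadOnlyView is a hypothetical stand-in
// for a read-only list wrapper: every call is forwarded to the wrapped list.
public class NestedSniListDemo {
    static final class ReadOnlyView<E> extends AbstractList<E> {
        private final List<E> inner;
        ReadOnlyView(List<E> inner) { this.inner = inner; }
        @Override public E get(int i) { return inner.get(i); } // one frame per level
        @Override public int size() { return inner.size(); }
    }

    // Pattern from the report: each new session wraps the list it was handed,
    // which is itself already a wrapper from the previous session.
    static List<String> wrapAgain(List<String> names) { return new ReadOnlyView<>(names); }

    // One way to keep the depth constant (an assumption, not the webrev's
    // change): copy the elements and wrap the copy once.
    static List<String> copyThenWrap(List<String> names) { return new ReadOnlyView<>(new ArrayList<>(names)); }

    // Number of wrapper levels sitting above the real list.
    static int depth(List<?> list) {
        int d = 0;
        while (list instanceof ReadOnlyView) {
            list = ((ReadOnlyView<?>) list).inner;
            d++;
        }
        return d;
    }

    public static void main(String[] args) {
        int resumptions = 1_000_000; // constructed workload size
        List<String> nested = new ReadOnlyView<>(new ArrayList<>(List.of("host.example")));
        List<String> flat = nested;
        for (int i = 0; i < resumptions; i++) {
            nested = wrapAgain(nested);
            flat = copyThenWrap(flat);
        }
        System.out.println("nested depth: " + depth(nested) + ", flat depth: " + depth(flat));
        try {
            System.out.println(nested.get(0)); // recurses once per wrapper level
        } catch (StackOverflowError e) {
            System.out.println("StackOverflowError reading the nested list");
        }
        System.out.println("flat list reads fine: " + flat.get(0));
    }
}
```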
