RFR 8206929: Check session context for TLS session resumption
Xuelei Fan
xuelei.fan at oracle.com
Thu Jul 12 16:45:10 UTC 2018
A quick question about the update in HandshakeContext.java.
+ this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
+ conContext.conSession.getLocalSupportedSignatureSchemes());
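Review bot: the assignment to localSupportedSignAlgs is unconditional, so the field ends up non-null whatever conSession returns, including an empty collection. If other code relies on a null check to tell whether the field has been set, that check can no longer fire; consider assigning only when the session returns a non-empty collection, or document that an empty list is a valid state here. Note also that the ArrayList copy constructor throws NullPointerException when its argument is null, so the return contract of getLocalSupportedSignatureSchemes() should be confirmed or guarded.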
Why set the value here? The 'null' value of localSupportedSignAlgs has
a special meaning that it has not been set. A few places depend on this
special value. The above update may set it to empty if the session has
not been established, and then prevent the proper setting of the value
of it later.
Xuelei
On 7/12/2018 8:50 AM, Adam Petcher wrote:
> This change adds some checks for session resumption in TLS 1.3 to ensure
> that the resumed session is compatible with what is requested.
> Specifically, I'm adding checks for protocol version, cipher suite,
> client authentication, and signature schemes. There are also some minor
> whitespace formatting changes in PreSharedKeyExtension.java.
>
> This is a JDK 11 change, so please review soon.
>
> Webrev: http://cr.openjdk.java.net/~apetcher/8206929/webrev.00/
> JBS: https://bugs.openjdk.java.net/browse/JDK-8206929
>