RFR 8206929: Check session context for TLS session resumption

Xuelei Fan xuelei.fan at oracle.com
Thu Jul 12 16:45:10 UTC 2018

A quick question about the update in HandshakeContext.java.

+   this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
+       conContext.conSession.getLocalSupportedSignatureSchemes());

Why set the value here?  The 'null' value of localSupportedSignAlgs has 
a special meaning that it has not been set.  A few places depend on this 
special value.  The above update may set it to empty if the session has 
not been established, and then prevent the proper setting of the value 
of it later.


On 7/12/2018 8:50 AM, Adam Petcher wrote:
> This change adds some checks for session resumption in TLS 1.3 to ensure 
> that the resumed session is compatible with what is requested. 
> Specifically, I'm adding checks for protocol version, cipher suite, 
> client authentication, and signature schemes. There are also some minor 
> whitespace formatting changes in PreSharedKeyExtension.java.
> This is a JDK 11 change, so please review soon.
> Webrev: http://cr.openjdk.java.net/~apetcher/8206929/webrev.00/
> JBS: https://bugs.openjdk.java.net/browse/JDK-8206929

More information about the security-dev mailing list