RFR 8206929: Check session context for TLS session resumption
Adam Petcher
adam.petcher at oracle.com
Thu Jul 12 16:57:40 UTC 2018
This value needs to be set when we create a PostHandshakeContext from a
TransportContext. This only happens after the handshake is complete, so
we should always have a session (right?).
It may be better to set localSupportedSignAlgs in the constructor of
PostHandshakeContext instead of where it is now. Would that address your
concern?
On 7/12/2018 12:45 PM, Xuelei Fan wrote:
> A quick question about the update in HandshakeContext.java.
>
> + this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
> + conContext.conSession.getLocalSupportedSignatureSchemes());
>
> Why set the value here? The 'null' value of localSupportedSignAlgs
> has a special meaning that it has not been set. A few places depend
> on this special value. The above update may set it to empty if the
> session has not been established, and then prevent the proper setting
> of the value of it later.
>
> Xuelei
>
> On 7/12/2018 8:50 AM, Adam Petcher wrote:
>> This change adds some checks for session resumption in TLS 1.3 to
>> ensure that the resumed session is compatible with what is requested.
>> Specifically, I'm adding checks for protocol version, cipher suite,
>> client authentication, and signature schemes. There are also some
>> minor whitespace formatting changes in PreSharedKeyExtension.java.
>>
>> This is a JDK 11 change, so please review soon.
>>
>> Webrev: http://cr.openjdk.java.net/~apetcher/8206929/webrev.00/
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8206929
>>
More information about the security-dev
mailing list