RFR 8206929: Check session context for TLS session resumption

Xuelei Fan xuelei.fan at oracle.com
Thu Jul 12 17:02:08 UTC 2018


Set it in PostHandshakeContext should be fine as the session should have 
been negotiated.

Thanks,
Xuelei

On 7/12/2018 9:57 AM, Adam Petcher wrote:
> This value needs to be set when we create a PostHandshakeContext from a 
> TransportContext. This only happens after the handshake is complete, so 
> we should always have a session (right?).
> 
> It may be better to set localSupportedSignAlgs in the constructor of 
> PostHandshakeContext instead of where it is now. Would that address your 
> concern?
> 
> 
> On 7/12/2018 12:45 PM, Xuelei Fan wrote:
>> A quick question about the update in HandshakeContext.java.
>>
>> +   this.localSupportedSignAlgs = new ArrayList<SignatureScheme>(
>> + conContext.conSession.getLocalSupportedSignatureSchemes());
>>
>> Why set the value here?  The 'null' value of localSupportedSignAlgs 
>> has a special meaning that it has not been set.  A few places depend 
>> on this special value.  The above update may set it to empty if the 
>> session has not been established, and then prevent the proper setting 
>> of the value of it later.
>>
>> Xuelei
>>
>> On 7/12/2018 8:50 AM, Adam Petcher wrote:
>>> This change adds some checks for session resumption in TLS 1.3 to 
>>> ensure that the resumed session is compatible with what is requested. 
>>> Specifically, I'm adding checks for protocol version, cipher suite, 
>>> client authentication, and signature schemes. There are also some 
>>> minor whitespace formatting changes in PreSharedKeyExtension.java.
>>>
>>> This is a JDK 11 change, so please review soon.
>>>
>>> Webrev: http://cr.openjdk.java.net/~apetcher/8206929/webrev.00/
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8206929
>>>
> 


More information about the security-dev mailing list