RFR 8206929: Check session context for TLS session resumption

Adam Petcher adam.petcher at oracle.com
Fri Jul 13 16:10:40 UTC 2018


On 7/13/2018 11:34 AM, Xuelei Fan wrote:

> PreSharedKeyExtension.java
> --------------------------
> The local supported signature algorithms are checked in the 
> canRejoin() method.  Should the peer supported signature algorithms be 
> checked as well?

I don't think so. When the peer creates its PreSharedKeyExtension, it 
should only offer sessions (i.e. PSK identities) that it is willing to 
resume. This includes checking for its supported signature algorithms, 
or any checks that are required by its policy. If the server gets a PSK 
identity from the client, then the server should use that PSK to resume a 
session as long as it is acceptable according to the server's policy. 
Trying to figure out the peer's policy and enforce it is error prone and 
adds unnecessary complexity.

Though maybe I'm missing some other motivation to add this check.
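The rule argued for above, each side checking a session against its own policy only, as an added illustration in Python (constructed model, not JDK code; the Session and LocalPolicy fields and the function names are assumptions for the example):

```python
from dataclasses import dataclass

# Constructed model (added example, not JDK code) of the two-sided rule from the
# message: each endpoint checks resumption against its OWN policy only.

@dataclass(frozen=True)
class Session:
    identity: bytes        # PSK identity (the ticket) as sent in pre_shared_key
    protocol_version: str
    cipher_suite: str
    peer_sig_alg: str      # signature scheme the peer authenticated with originally
    created: float         # seconds since epoch when the session was established
    lifetime: int = 7 * 24 * 3600   # seconds; RFC 8446 caps ticket lifetime at 7 days

@dataclass(frozen=True)
class LocalPolicy:
    protocol_versions: frozenset
    cipher_suites: frozenset
    signature_algorithms: frozenset

def can_rejoin(session, policy, now):
    """Same check on both sides, applied to the caller's own policy only."""
    if now - session.created > session.lifetime:
        return False
    return (session.protocol_version in policy.protocol_versions
            and session.cipher_suite in policy.cipher_suites
            and session.peer_sig_alg in policy.signature_algorithms)

def offer_psk_identities(client_cache, client_policy, now):
    """Client: offer only the sessions the client itself is willing to resume."""
    return [s.identity for s in client_cache if can_rejoin(s, client_policy, now)]

def select_psk(offered, server_cache, server_policy, now):
    """Server: take the first offered identity acceptable under the server's
    own policy; no attempt is made to reconstruct the client's policy.
    Resuming with the session's original cipher suite keeps the PSK hash and
    the selected suite consistent (RFC 8446 section 4.2.11).
    Returns (selected_identity index, session) or None when nothing fits."""
    for idx, identity in enumerate(offered):
        session = server_cache.get(identity)
        if session is not None and can_rejoin(session, server_policy, now):
            return idx, session
    return None
```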

