Code Review Request: TLS 1.3 Implementation

Xuelei Fan xuelei.fan at oracle.com
Tue Jun 5 04:12:29 UTC 2018 

 > http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01

ClientHello.java
----------------
1086  public void consume(ConnectionContext context,
1087         HandshakeMessage message) throws IOException {

1134  private void goServerHello(ServerHandshakeContext shc,
1135         ClientHelloMessage clientHello) throws IOException {

In the TLS 1.3 consumer of the ClientHello, the session resumption is 
not considered and the related variables (HandshakeContext.isResumption 
and HandshakeContext.resumingSession) are not initialized.  There is 
chance to set them in the pre_shared_key extension actors.  But it is 
too later as other extensions and connection parameters may also need to 
check the variables for session resumption before calling the last 
pre_shared_key extension actors.  Missing those checks may result in 
various unexpected issues.

I will take care of this issue in the next one day or two.

Xuelei


On 6/3/2018 9:43 PM, Xuelei Fan wrote:
> Hi,
> 
> Here it the 2nd full webrev:
>    http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
> 
> and the delta update to the 1st webrev:
>    http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.00/
> 
> Xuelei
> 
> On 5/25/2018 4:45 PM, Xuelei Fan wrote:
>> Hi,
>>
>> I'd like to invite you to review the TLS 1.3 implementation.  I 
>> appreciate it if I could have compatibility and specification feedback 
>> before May 31, 2018, and implementation feedback before June 7, 2018.
>>
>> Here is the webrev:
>>      http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>
>> The formal TLS 1.3 specification is not finalized yet, although it had 
>> been approved to be a standard.  The implementation is based on the 
>> draft version 28:
>>      https://tools.ietf.org/html/draft-ietf-tls-tls13-28
>>
>> For the overall description of this enhancement, please refer to JEP 332:
>>      http://openjdk.java.net/jeps/332
>>
>> For the compatibility and specification update, please refer to CSR 
>> 8202625:
>>      https://bugs.openjdk.java.net/browse/JDK-8202625
>>
>> Note that we are using the sandbox for the development right now.  For 
>> more information, please refer to Bradford's previous email:
>>
>> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
>>
>> Thanks & Regards,
>> Xuelei

More information about the security-dev mailing list