RFR, JDK-8212885: TLS 1.3 resumed session does not retain peer certificate chain

Xuelei Fan xuelei.fan at oracle.com
Tue Nov 6 15:36:28 UTC 2018


Nice update!

For the update in ClientHello.java, I may suggest moving it to 
pre_shared_key extension class.  It may be a little bit safer if the 
extension can be loaded in other places.

Thanks,
Xuelei

On 11/5/2018 11:51 PM, Jamil Nimeh wrote:
> Hello all,
> 
> This fixes an issue where TLS 1.3 resumed sessions were not carrying 
> forward many of the parameters from the parent session, namely the peer 
> certificates, but also the local certificates and a few other 
> SSLSessionImpl fields.  This also moves the fix from an earlier, related 
> issue with SNI names (JDK-8211806) into this new solution.
> 
> JBS: https://bugs.openjdk.java.net/browse/JDK-8212885
> 
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8212885/webrev.01
> 
> Thanks,
> 
> --Jamil
> 


