RFR 8213202: Possible race condition in TLS 1.3 session resumption

Adam Petcher adam.petcher at oracle.com
Fri Nov 9 19:09:06 UTC 2018


JBS: https://bugs.openjdk.java.net/browse/JDK-8213202
webrev: http://cr.openjdk.java.net/~apetcher/8213202/webrev.00/

This change fixes a bug that allows multiple clients thread to offer the 
same PSK to the server, even though only one thread may actually use the 
PSK to resume the session. The other threads will fail to connect and 
throw an exception. This is noreg-hard because the bug doesn't happen 
with the JDK TLS server, and we don't have a regression test harness 
that allows us to simulate some particular server behavior. I tested the 
fix by connecting multiple JDK clients to an openssl server.



More information about the security-dev mailing list