RFR 8213202: Possible race condition in TLS 1.3 session resumption
Adam Petcher
adam.petcher at oracle.com
Fri Nov 9 19:09:06 UTC 2018
JBS: https://bugs.openjdk.java.net/browse/JDK-8213202
webrev: http://cr.openjdk.java.net/~apetcher/8213202/webrev.00/
This change fixes a bug that allows multiple client threads to offer the
same PSK to the server, even though only one thread may actually use the
PSK to resume the session. The other threads will fail to connect and
throw an exception. This is noreg-hard because the bug doesn't happen
with the JDK TLS server, and we don't have a regression test harness
that allows us to simulate some particular server behavior. I tested the
fix by connecting multiple JDK clients to an openssl server.
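
The race described in the message above, as an added sketch that is not part of the original post, the webrev, or the JDK sources: a client-side cache of single-use PSKs where a plain lookup lets every thread offer the same PSK, while an atomic remove hands it to exactly one. The class `PskCacheDemo`, its methods, and the sample values are hypothetical.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical client-side cache of single-use resumption PSKs, keyed by server.
public class PskCacheDemo {
    static final ConcurrentHashMap<String, String> cache = new ConcurrentHashMap<>();

    // Racy: every thread that looks up the entry gets the same PSK to offer.
    static String peek(String server) { return cache.get(server); }

    // Atomic: remove() hands the PSK to exactly one caller; the others get
    // null and would fall back to a full handshake.
    static String claim(String server) { return cache.remove(server); }

    // Run `threads` concurrent lookups and count how many obtained a PSK.
    static int offers(boolean atomic, int threads) throws Exception {
        cache.put("server.example", "psk-1"); // constructed sample values
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger offered = new AtomicInteger();
        for (int i = 0; i < threads; i++) {
            pool.submit(() -> {
                try {
                    start.await(); // release all threads together
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    return;
                }
                String psk = atomic ? claim("server.example") : peek("server.example");
                if (psk != null) offered.incrementAndGet();
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return offered.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("peek:  " + offers(false, 8) + " thread(s) would offer the PSK");
        System.out.println("claim: " + offers(true, 8) + " thread(s) would offer the PSK");
    }
}
```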