RFR 8213202: Possible race condition in TLS 1.3 session resumption
Jamil Nimeh
jamil.j.nimeh at oracle.com
Mon Nov 19 23:30:37 UTC 2018
Hi Adam,
I think this looks good.
On 11/9/2018 11:09 AM, Adam Petcher wrote:
> JBS: https://bugs.openjdk.java.net/browse/JDK-8213202
> webrev: http://cr.openjdk.java.net/~apetcher/8213202/webrev.00/
>
> This change fixes a bug that allows multiple client threads to offer
> the same PSK to the server, even though only one thread may actually
> use the PSK to resume the session. The other threads will fail to
> connect and throw an exception. This is noreg-hard because the bug
> doesn't happen with the JDK TLS server, and we don't have a regression
> test harness that allows us to simulate some particular server
> behavior. I tested the fix by connecting multiple JDK clients to an
> openssl server.
>
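
The failure mode described in the quoted message, as an added Java illustration that is not code from the JDK or from the webrev: several client threads read the same cached single-use PSK and all offer it, compared with an atomic claim that lets only one thread offer it. `PskCache`, `peek`, `claim`, the host name and the PSK value are hypothetical; atomic removal from the cache is an assumed remedy, not something the page confirms as the actual fix.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration; PskCache and its methods are hypothetical, not JDK classes.
public class PskOfferRace {
    /** Client-side cache: server name -> single-use PSK identity (constructed values). */
    static final class PskCache {
        private final ConcurrentHashMap<String, String> byHost = new ConcurrentHashMap<>();
        void put(String host, String psk) { byHost.put(host, psk); }
        // Shared read: every concurrent caller sees the same PSK and offers it.
        String peek(String host) { return byHost.get(host); }
        // Atomic claim: exactly one caller gets the PSK; the others get null
        // and would fall back to a full handshake.
        String claim(String host) { return byHost.remove(host); }
    }

    /** Returns how many of n concurrent client threads would offer the cached PSK. */
    static int offers(int n, boolean atomic) throws Exception {
        PskCache cache = new PskCache();
        cache.put("server.example", "psk-constructed-1");
        ExecutorService pool = Executors.newFixedThreadPool(n);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger offered = new AtomicInteger();
        for (int i = 0; i < n; i++) {
            pool.submit(() -> {
                start.await(); // release all threads together
                String psk = atomic ? cache.claim("server.example")
                                    : cache.peek("server.example");
                if (psk != null) offered.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return offered.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("peek:  " + offers(8, false) + " thread(s) offer the PSK");
        System.out.println("claim: " + offers(8, true) + " thread(s) offer the PSK");
    }
}
```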