RFR JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume
Bradford Wetmore
bradford.wetmore at oracle.com
Mon Oct 15 15:36:09 UTC 2018

Jamil,

Do you have an idea for a unit test? Are there any test servers that
can do virtual server in our suites? (e.g. return certs based on their
server_name?)

Otherwise, I'd like to do a quick double check of a couple things in the
code, but initially it looks ok.

Brad

On 10/12/2018 9:39 PM, Jamil Nimeh wrote:
> Hello all,
>
> This addresses an issue where the client hello in a resumed TLS 1.3
> session lacks the server_name client hello extension. This can cause
> servers who use this extension field to direct traffic to websites to
> present other certificate chains for other websites than the one the
> client actually desires (and specified in the original client hello
> where the extension is present).
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8211806
>
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211806/
>
> Happy Friday!
>
> --Jamil
>
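
The condition described in the quoted message, written as a check that a test harness or packet inspection could apply to a captured ClientHello: a PSK is offered, as on a resumed TLS 1.3 session, but no server_name host is sent. This is an added example, not code from the webrev or the JDK; the function names and the constructed sample ClientHello bodies are assumptions.

```python
import struct

EXT_SERVER_NAME = 0        # RFC 6066 server_name
EXT_PRE_SHARED_KEY = 41    # RFC 8446 pre_shared_key, offered when resuming

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed vector at pos; return (data, position after it)."""
    start = pos + len_bytes
    end = start + int.from_bytes(buf[pos:start], "big")
    if start > len(buf) or end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[start:end], end

def client_hello_extensions(body):
    """Map extension type -> data for a ClientHello body (handshake header removed)."""
    pos = 2 + 32                       # legacy_version + random
    for len_bytes in (1, 2, 1):        # session_id, cipher_suites, compression
        _, pos = _vec(body, pos, len_bytes)
    exts, _ = _vec(body, pos, 2)
    found, p = {}, 0
    while p < len(exts):
        ext_type = int.from_bytes(exts[p:p + 2], "big")
        found[ext_type], p = _vec(exts, p + 2, 2)
    return found

def sni_hostnames(ext_data):
    """Return the host_name entries of a server_name extension."""
    names, _ = _vec(ext_data, 0, 2)
    hosts, p = [], 0
    while p < len(names):
        name_type = names[p]
        value, p = _vec(names, p + 1, 2)
        if name_type == 0:             # 0 = host_name
            hosts.append(value.decode("ascii"))
    return hosts

def sni_missing_on_resume(body):
    """True when a PSK is offered but no host name is sent (the reported bug)."""
    exts = client_hello_extensions(body)
    hosts = sni_hostnames(exts[EXT_SERVER_NAME]) if EXT_SERVER_NAME in exts else []
    return EXT_PRE_SHARED_KEY in exts and not hosts

def build_client_hello(extensions):
    """Constructed sample body: zero random, one cipher suite, given extensions."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)

_host = b"www.example.com"             # constructed sample host name
_entry = b"\x00" + struct.pack("!H", len(_host)) + _host
SNI = (EXT_SERVER_NAME, struct.pack("!H", len(_entry)) + _entry)
PSK = (EXT_PRE_SHARED_KEY, b"\x00" * 8)   # placeholder bytes, not a real PSK offer
```

The check expects the ClientHello body with the 4-byte handshake header already removed.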