RFR JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume

Bradford Wetmore bradford.wetmore at oracle.com
Mon Oct 15 15:36:09 UTC 2018


Jamil,

Do you have an idea for a unit test?  Are there any test servers that 
can do virtual server in our suites?  (e.g. return certs based on their 
server_name?)

Otherwise, I'd like to do a quick double check of a couple things in the 
code, but initially it looks ok.

Brad


On 10/12/2018 9:39 PM, Jamil Nimeh wrote:
> Hello all,
> 
> This addresses an issue where the client hello in a resumed TLS 1.3 
> session lacks the server_name client hello extension.  This can cause 
> servers who use this extension field to direct traffic to websites to 
> present other certificate chains for other websites than the one the 
> client actually desires (and specified in the original client hello 
> where the extension is present).
> 
> JBS: https://bugs.openjdk.java.net/browse/JDK-8211806
> 
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211806/
> 
> Happy Friday!
> 
> --Jamil
> 
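A wire-level check for the condition described in the quoted message, as an added example that is not part of the thread or of the JDK change: it parses a ClientHello handshake message and flags a TLS 1.3 resumption offer (pre_shared_key extension present) that carries no server_name extension. The helper names, the host name and the sample messages are constructed for illustration.

```python
import struct

SERVER_NAME, SUPPORTED_VERSIONS, PRE_SHARED_KEY = 0, 43, 41  # extension types

def client_hello_extensions(msg: bytes) -> dict:
    """Map extension type -> raw data for one ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1:               # HandshakeType client_hello(1)
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        pos = 2 + 32                              # legacy_version + random
        pos += 1 + body[pos]                      # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                      # legacy_compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2                                  # skip the extensions length
        exts = {}
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if pos != end or end != len(body):            # lengths must add up exactly
        raise ValueError("malformed extensions block")
    return exts

def resumes_without_sni(msg: bytes) -> bool:
    """True when a PSK resumption offer carries no server_name extension."""
    exts = client_hello_extensions(msg)
    return PRE_SHARED_KEY in exts and SERVER_NAME not in exts

def build_client_hello(exts) -> bytes:
    """Constructed sample: minimal ClientHello from (type, data) pairs."""
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00"     # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"   # one cipher suite, null compression
            + struct.pack("!H", len(ext_bytes)) + ext_bytes)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def sni_data(host: str) -> bytes:
    entry = b"\x00" + struct.pack("!H", len(host)) + host.encode()  # host_name(0)
    return struct.pack("!H", len(entry)) + entry

PSK = bytes(8)                    # constructed placeholder, not a real ticket
VERSIONS = (SUPPORTED_VERSIONS, b"\x02\x03\x04")  # offers TLS 1.3 (0x0304)
FULL = build_client_hello([(SERVER_NAME, sni_data("www.example.com")), VERSIONS])
RESUMED_NO_SNI = build_client_hello([VERSIONS, (PRE_SHARED_KEY, PSK)])
RESUMED_WITH_SNI = build_client_hello([FULL and (SERVER_NAME, sni_data("www.example.com")), VERSIONS, (PRE_SHARED_KEY, PSK)])
```
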


