Update: RFR JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume
Jamil Nimeh
jamil.j.nimeh at oracle.com
Fri Oct 19 18:04:28 UTC 2018
Hello everyone,
I've added a test to go along with the bugfix. No changes to the actual
fix itself.
Updated webrev:
http://cr.openjdk.java.net/~jnimeh/reviews/8211806/webrev.02/
Thanks,
--Jamil
On 10/12/18 9:39 PM, Jamil Nimeh wrote:
> Hello all,
>
> This addresses an issue where the client hello in a resumed TLS 1.3
> session lacks the server_name client hello extension. This can cause
> servers who use this extension field to direct traffic to websites to
> present other certificate chains for other websites than the one the
> client actually desires (and specified in the original client hello
> where the extension is present).
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8211806
>
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211806/
>
> Happy Friday!
>
> --Jamil
>
More information about the security-dev
mailing list