Update: RFR JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume

Xuelei Fan xuelei.fan at oracle.com
Fri Oct 19 18:18:56 UTC 2018


Looks fine to me.

Thanks,
Xuelei

On 10/19/2018 11:04 AM, Jamil Nimeh wrote:
> Hello everyone,
> 
> I've added a test to go along with the bugfix.  No changes to the actual 
> fix itself.
> 
> Updated webrev: 
> http://cr.openjdk.java.net/~jnimeh/reviews/8211806/webrev.02/
> 
> Thanks,
> 
> --Jamil
> 
> On 10/12/18 9:39 PM, Jamil Nimeh wrote:
>> Hello all,
>>
>> This addresses an issue where the client hello in a resumed TLS 1.3 
>> session lacks the server_name client hello extension.  This can cause 
>> servers who use this extension field to direct traffic to websites to 
>> present other certificate chains for other websites than the one the 
>> client actually desires (and specified in the original client hello 
>> where the extension is present).
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8211806
>>
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211806/
>>
>> Happy Friday!
>>
>> --Jamil
>>
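
Added example, not part of the thread or of the JDK change: a wire-level check, written in Python so it runs offline, that a ClientHello offering resumption (pre_shared_key, extension type 41) still carries server_name (extension type 0), the condition described in the original post. All function names and the sample messages are constructed for illustration; the sample pre_shared_key body is zero filler.

```python
import struct

SERVER_NAME, PRE_SHARED_KEY = 0, 41  # IANA TLS extension type numbers

def client_hello_extensions(record: bytes) -> dict:
    """Map extension type -> data for a ClientHello held in one TLS record."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos, exts = pos + 2, {}
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return exts

def sni_hostname(data: bytes):
    """First host_name entry of a server_name extension, or None."""
    if len(data) < 5 or data[2] != 0:        # name_type 0 = host_name
        return None
    return data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")

def audit(record: bytes) -> dict:
    """Flag a resumption ClientHello (pre_shared_key present) with no SNI."""
    exts = client_hello_extensions(record)
    host = sni_hostname(exts[SERVER_NAME]) if SERVER_NAME in exts else None
    resuming = PRE_SHARED_KEY in exts
    return {"resuming": resuming, "sni": host, "missing_sni": resuming and host is None}

def sample_client_hello(host, with_psk: bool) -> bytes:
    """Constructed test input, not a capture; the PSK body is zero filler."""
    exts = b""
    if host:
        entry = b"\x00" + struct.pack("!H", len(host)) + host.encode()
        exts += struct.pack("!HHH", SERVER_NAME, len(entry) + 2, len(entry)) + entry
    if with_psk:                             # pre_shared_key must come last
        exts += struct.pack("!HH", PRE_SHARED_KEY, 8) + bytes(8)
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__": print(audit(sample_client_hello(None, True)))
```

The parser expects the whole ClientHello in a single TLS record; a hello fragmented across records would need reassembly first.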



More information about the security-dev mailing list