Update: RFR JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume
Xuelei Fan
xuelei.fan at oracle.com
Fri Oct 19 18:18:56 UTC 2018
Looks fine to me.
Thanks,
Xuelei
On 10/19/2018 11:04 AM, Jamil Nimeh wrote:
> Hello everyone,
>
> I've added a test to go along with the bugfix. No changes to the actual
> fix itself.
>
> Updated webrev:
> http://cr.openjdk.java.net/~jnimeh/reviews/8211806/webrev.02/
>
> Thanks,
>
> --Jamil
>
> On 10/12/18 9:39 PM, Jamil Nimeh wrote:
>> Hello all,
>>
>> This addresses an issue where the client hello in a resumed TLS 1.3
>> session lacks the server_name client hello extension. This can cause
>> servers who use this extension field to direct traffic to websites to
>> present other certificate chains for other websites than the one the
>> client actually desires (and specified in the original client hello
>> where the extension is present).
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8211806
>>
>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211806/
>>
>> Happy Friday!
>>
>> --Jamil
>>
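
Added example (not part of this thread, the JDK fix, or its test): a Python check over raw ClientHello handshake bytes that flags the condition described in the quoted message, a resumption hello (pre_shared_key present) that carries no server_name extension. The sample messages, the host name www.example.com and all function names are constructed for illustration, and the pre_shared_key body is a placeholder rather than a real ticket.

```python
import struct
EXT_SERVER_NAME = 0       # RFC 6066
EXT_PRE_SHARED_KEY = 41   # RFC 8446; sent when the client offers resumption

def parse_extensions(hello: bytes) -> dict:
    """Map extension type -> data for one ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        pos = 2 + 32                                        # legacy_version, random
        pos += 1 + body[pos]                                # legacy_session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                                # compression methods
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos, exts = pos + 2, {}
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if pos != end or end > len(body):
        raise ValueError("malformed extension block")
    return exts

def sni_host(exts: dict):
    data = exts.get(EXT_SERVER_NAME)
    if not data or len(data) < 5:
        return None
    name_type, name_len = struct.unpack_from("!BH", data, 2)  # skip list length
    return data[5:5 + name_len].decode("ascii") if name_type == 0 else None

def check_hello(hello: bytes, expected_host: str) -> str:
    exts = parse_extensions(hello)
    host = sni_host(exts)
    if host is None:
        return "missing-sni-on-resume" if EXT_PRE_SHARED_KEY in exts else "missing-sni"
    return "ok" if host == expected_host else "sni-mismatch"

# Constructed sample messages (not captured traffic).
def build_hello(exts) -> bytes:
    blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(blob)) + blob)
    return b"\x01" + len(body).to_bytes(3, "big") + body
SNI = (EXT_SERVER_NAME, b"\x00\x12\x00\x00\x0fwww.example.com")
PSK = (EXT_PRE_SHARED_KEY, bytes(8))   # placeholder body, not a real ticket
VERSIONS = (43, b"\x02\x03\x04")       # supported_versions: TLS 1.3
RESUMED_NO_SNI = build_hello([VERSIONS, PSK])
```

`check_hello(RESUMED_NO_SNI, "www.example.com")` returns `"missing-sni-on-resume"`; the same hello built with `SNI` first returns `"ok"`.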