Update: RFR JDK-8211806: TLS 1.3 handshake server name indication is missing on a session resume
Bradford Wetmore
bradford.wetmore at oracle.com
Sat Oct 20 00:57:04 UTC 2018
Test:
79: arf.yak.foo? Are you sure you don't want to use the new TLD .wtf
here? :)
97: You could request TLSv1.3 here, but what you have is fine since
you're hardcoding just the TLSv1.3 protocol later.
In other words, no real comments.
Brad
On 10/19/2018 11:18 AM, Xuelei Fan wrote:
> Looks fine to me.
>
> Thanks,
> Xuelei
>
> On 10/19/2018 11:04 AM, Jamil Nimeh wrote:
>> Hello everyone,
>>
>> I've added a test to go along with the bugfix. No changes to the
>> actual fix itself.
>>
>> Updated webrev:
>> http://cr.openjdk.java.net/~jnimeh/reviews/8211806/webrev.02/
>>
>> Thanks,
>>
>> --Jamil
>>
>> On 10/12/18 9:39 PM, Jamil Nimeh wrote:
>>> Hello all,
>>>
>>> This addresses an issue where the client hello in a resumed TLS 1.3
>>> session lacks the server_name client hello extension. This can cause
>>> servers who use this extension field to direct traffic to websites to
>>> present other certificate chains for other websites than the one the
>>> client actually desires (and specified in the original client hello
>>> where the extension is present).
>>>
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8211806
>>>
>>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211806/
>>>
>>> Happy Friday!
>>>
>>> --Jamil
>>>
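
Added example, not part of the original thread or of the JDK change: a Python check for the condition the bug report describes, a ClientHello that carries the pre_shared_key extension (sent by a resuming TLS 1.3 client) but no server_name extension. The function names, the sample host and the ClientHello bytes are constructed for illustration; the parser expects a handshake message with the record header already stripped.

```python
import struct

SERVER_NAME, PRE_SHARED_KEY = 0, 41  # extension types: RFC 6066, RFC 8446

def client_hello_extensions(msg: bytes) -> dict:
    """Map extension type -> raw data for a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    pos, exts = pos + 2, {}
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack_from("!HH", body, pos)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def sni_hostname(msg: bytes):
    """Return the first host_name in server_name, or None if absent."""
    data = client_hello_extensions(msg).get(SERVER_NAME)
    if not data:
        return None
    name_len = int.from_bytes(data[3:5], "big")   # skip list length, name_type
    return data[5:5 + name_len].decode("ascii")

def resumption_without_sni(msg: bytes) -> bool:
    """True when a PSK (resumption) hello carries no server_name extension."""
    exts = client_hello_extensions(msg)
    return PRE_SHARED_KEY in exts and SERVER_NAME not in exts

def build_client_hello(host=None, psk=False) -> bytes:
    """Constructed sample message with placeholder field values."""
    exts = b""
    if host:
        entry = b"\x00" + struct.pack("!H", len(host)) + host.encode()
        sni = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SERVER_NAME, len(sni)) + sni
    if psk:  # opaque dummy bytes stand in for identities and binders
        exts += struct.pack("!HH", PRE_SHARED_KEY, 8) + bytes(8)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Run against the first ClientHello and the resumed one from the same client, resumption_without_sni() returns True only for the hello that shows the behaviour described in the report.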