Stateless session resumption for TLS 1.3 with enableSessionTicketExtension?
Anthony Scarpino
anthony.scarpino at oracle.com
Mon Dec 16 23:20:07 UTC 2019
On 12/16/19 12:02 PM, raell at web.de wrote:
>
> Dear all,
>
>
> in Java 13 the new System properties jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension were introduced. In TLS 1.2 and prior these properties support stateful session resumption according to RFC 5077.
>
> In TLS 1.3, however, there is no SessionTicketExtension and it isn't clear from the description [1] what impact jdk.tls.server.enableSessionTicketExtension has in case of a TLS 1.3 connection.
>
> Question 1: Does a Java server perform on a TLS 1.3 connection a stateless resp. stateful session resumption, if
> jdk.tls.server.enableSessionTicketExtension is set to true resp. false?

Yes
>
> Question 2: Does the content of the NewSessionTicket message in TLS 1.3 depend on the value of jdk.tls.server.enableSessionTicketExtension?

Yes

Tony
>
> Question 2 has been shortly discussed on the mailing list [2], but I couldn't figure out what the final answer was.
>
> [1]: https://bugs.openjdk.java.net/browse/JDK-8227105
> [2]: http://mail.openjdk.java.net/pipermail/security-dev/2019-July/020358.html
>
> Best regards,
>
> Ralph
>