Stateless session resumption for TLS 1.3 with enableSessionTicketExtension?

raell at web.de raell at web.de
Tue Dec 17 12:53:51 UTC 2019


Hi Tony,

thank you for the clarification.

Btw: If I'm not mistaken, the new System properties for stateless session resumption are not included in the documentation https://docs.oracle.com/en/java/javase/13/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-93DEEE16-0B70-40E5-BBE7-55C3FD432345 (Table 8-3) so far. If they should be added there at a later time, maybe, your clarification for TLS 1.3 could be incorporated there? 

Regards,

Ralph
 
 
 
On 12/16/2019 3:20 PM, Anthony Scarpino wrote:
>> Dear all,
>>
>>
>> in Java 13 the new System properties jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension were introduced. In TLS 1.2 and prior these properties support stateful session resumption according to RFC 5077.
>>
>> In TLS 1.3, however, there is no SessionTicketExtension and it isn't clear from the description [1] what impact jdk.tls.server.enableSessionTicketExtension has in case of a TLS 1.3 connection.
>>
>> Question 1: Does a Java server perform on a TLS 1.3 connection a stateless resp. stateful session resumption, if
>> jdk.tls.server.enableSessionTicketExtension is set to true resp. false?

>Yes

>>
>> Question 2: Does the content of the NewSessionTicket message in TLS 1.3 depend on the value of jdk.tls.server.enableSessionTicketExtension?

>Yes


>Tony


More information about the security-dev mailing list