RFR 8227530: Session Resumption without Server-Side State off by default

Sean Mullan sean.mullan at oracle.com
Wed Jul 10 17:58:28 UTC 2019


I think we should leave stateless on for JDK 14 (or the main JDK repo) 
since that way we will continue to get more testing on it. If you push 
this to 13, it will be automatically pushed to JDK 14 which would change 
that default. Check with the gatekeeper to make an exception for this so 
it won't be forward-ported (contact me directly for more info).


On 7/10/19 11:52 AM, Anthony Scarpino wrote:
> Given the section descriptions say the Solution is an overview and the 
> Specification is code, I'd prefer to leave it as is.
> If you can set yourself as review, I will propose it.
> thanks
> Tony
> On 7/10/19 8:18 AM, Xuelei Fan wrote:
>> I may move the content under the "Specification" section to the 
>> "Solution" section, as it is about the implementation details.  Not a 
>> big concern of mine.  You can leave it as-is. I added myself as the 
>> reviewer.
>> Thanks,
>> Xuelei
>> On 7/10/2019 7:57 AM, Anthony Scarpino wrote:
>>> Hi
>>> Can I have a CSR review of this very simple change to turn stateless 
>>> session resumption off by default
>>> https://bugs.openjdk.java.net/browse/JDK-8227530
>>> Tony

More information about the security-dev mailing list