RFR 8227530: Session Resumption without Server-Side State off by default
Sean Mullan
sean.mullan at oracle.com
Wed Jul 10 17:58:28 UTC 2019
Tony,
I think we should leave stateless on for JDK 14 (or the main JDK repo)
since that way we will continue to get more testing on it. If you push
this to 13, it will be automatically pushed to JDK 14 which would change
that default. Check with the gatekeeper to make an exception for this so
it won't be forward-ported (contact me directly for more info).
--Sean
On 7/10/19 11:52 AM, Anthony Scarpino wrote:
> Given the section descriptions say the Solution is an overview and the
> Specification is code, I'd prefer to leave it as is.
>
> If you can set yourself as review, I will propose it.
>
> thanks
>
> Tony
>
> On 7/10/19 8:18 AM, Xuelei Fan wrote:
>> I may move the content under the "Specification" section to the
>> "Solution" section, as it is about the implementation details. Not a
>> big concern of mine. You can leave it as-is. I added myself as the
>> reviewer.
>>
>> Thanks,
>> Xuelei
>>
>> On 7/10/2019 7:57 AM, Anthony Scarpino wrote:
>>> Hi
>>>
>>> Can I have a CSR review of this very simple change to turn stateless
>>> session resumption off by default
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8227530
>>>
>>> Tony
>
More information about the security-dev
mailing list