RFR 8211018: Session Resumption without Server-Side State
sha.jiang at oracle.com
sha.jiang at oracle.com
Tue Jun 4 11:58:53 UTC 2019
Hi Tony,
I have some minor comments on the test.
ResumeChecksServer.java
--------------------
57 static boolean clientCache = false, serverServerless = false;
Should "serverServerless" be "serverStateless"?
86 if (st.compareToIgnoreCase("stateless") == 0) {
87 serverServerless = true;
88 }
89 st = System.getProperty("javax.net.ssl.sessionCacheClient",
"cache");
90 if (st.compareToIgnoreCase("cache") == 0) {
91 clientCache = true;
92 }
Could method String::equalsIgnoreCase be used in the condition statements?
125 if (secondSession.getCreationTime() > secondStartTime &&
126 !clientCache && !serverServerless) {
127 throw new RuntimeException("Session was not reused");
128 }
If the session should be resumed via session ID, beside checking the
creation time, would it be better to compare the session IDs for
double-checking?
Best regards,
John Jiang
On 2019/6/4 08:42, Anthony Scarpino wrote:
> I believe I updated all comments in the latest webrev.
>
> http://cr.openjdk.java.net/~ascarpino/stateless/webrev.02
>
> Tony
>
> On 5/16/19 2:30 PM, Anthony Scarpino wrote:
>> I'm asking for a review of this rather large change to add support
>> stateless tickets in the TLS 1.3 5077 RFC.
>> https://bugs.openjdk.java.net/browse/JDK-8211018
>
More information about the security-dev
mailing list