RFR 8211018: Session Resumption without Server-Side State
Xuelei Fan
xuelei.fan at oracle.com
Thu Jun 6 16:18:39 UTC 2019
Continue for the SessionTicketExtension.java.
> On 6/3/2019 5:42 PM, Anthony Scarpino wrote:
>> http://cr.openjdk.java.net/~ascarpino/stateless/webrev.02
SessionTicketExtension.java (continue):
---------------------------------------
368 if (!((SSLSessionContextImpl)chc.sslContext.
369
engineGetClientSessionContext()).statelessEnabled()) {
370 return null;
371 }
Would you like add a log if the stateless is not enabled? Which may be
useful for debugging.
----------
378 return new SessionTicketMessage().getEncoded();
When I read the code, I was wondering if 'SessionTicketMessage' is an
handshake message. It could be easier if we use a consistent naming
style, for example "SessionTicketSpec", as we did in other extension
classes.
As the encode for empty ST is the same, I may just use a static bytes array.
----------
381 if (chc.localSupportedSignAlgs == null) {
382 chc.localSupportedSignAlgs =
383 SignatureScheme.getSupportedAlgorithms(
384 chc.algorithmConstraints,
chc.activeProtocols);
385 }
386
387 // Make sure the list of supported signature
algorithms matches
388 Collection<SignatureScheme> sessionSigAlgs =
389
chc.resumingSession.getLocalSupportedSignatureSchemes();
390 if
(!chc.localSupportedSignAlgs.containsAll(sessionSigAlgs)) {
391 if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake")) {
392 SSLLogger.fine("Existing session uses
different " +
393 "signature algorithms");
394 }
395 return null;
396 }
I did not get the idea here. Does the session signature algorithms
impact the use of session ticket extension?
----------
398 if (chc.resumingSession.getPskIdentity() == null) {
399 if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake")) {
400 SSLLogger.fine(
401 "SessionTicket has no identity, or
identity was already used");
402 }
403 return null;
404 }
405
406 return chc.resumingSession.getPskIdentity();
It's confusing to me that PSK is used here. PSK is a different
extension other than session ticket extension. I had a quick look at
the NewSessionTicket.java, and I can see where you came from. It could
be misleading if we want to support PSK in the future.
----------
400 SSLLogger.fine(
401 "SessionTicket has no identity, or
identity was already used");
I did not follow the message. With "identify was already used", does
it mean the same session ticket can only be used one time?
----------
421 // Skip if extension is not provided
422 if (!shc.sslConfig.isAvailable(CH_SESSION_TICKET)) {
423 return;
424 }
I may add a debug log and record that the session ticket extension is
not supported in server side, and the extension is ignored.
----------
426 // If no buffer or we are already using stateless
resumption
427 if (buffer == null || shc.statelessResumption) {
428 return;
429 }
I did not follow the idea of the checking. I think the buffer should
never be null. For the 'shc.statelessResumption', as this method is to
parse the session ticket in the ClientHello handshake message, there
might be no chance to set the shc.statelessResumption yet for initial
handshaking.
For renegotiation, the previous handshaking may have set the
shc.statelessResumption to true. For the current handshaking, I think
we still need to check the validity of the extension, rather than using
the previous handshaking result.
I don't think the check is necessary. But I may missed something.
----------
434 if (!cache.statelessEnabled()) {
435 return;
436 }
It might be nice to add more debug log.
----------
438 if (buffer.capacity() == 0) {
The return value of ByteBuffer.capacity() may be not the same as the
available value in the buffer. The capacity could be 2^14, but the
available bytes could be just 2 bytes.
----------
499 private static final class T12SHSessionTicketConsumer
implements ExtensionConsumer {
It might be nice to add more debug log in this class.
----------
509 // Skip if extension is not provided
510 if (!hc.sslConfig.isAvailable(SH_SESSION_TICKET)) {
511 return;
512 }
If the extension is not provided, but receive the NST handshake message
from server, is it expected to terminate the connection with an
unexpected_message" alert?
----------
514 // If the context does not allow stateless tickets, exit
515 if (!((SSLSessionContextImpl)hc.sslContext.
516
engineGetClientSessionContext()).statelessEnabled()) {
517 return;
518 }
Similar to above comment.
----------
What's client behavior if the server response with ST in ServerHello,
but does not send the NewSessionTicket handshake message?
Did we need the HandshakeAbsence handler for NewSessionTicket handshake
message?
All right. I complete the review for the SessionTicketExtension.java.
Most of them are trivial issues. I don't think any of them that we
cannot fix after RDP1 or even JDK 14.
Thanks,
Xuelei
More information about the security-dev
mailing list