RFR: CSR for 8211018 Session Resumption without Server-Side State

Xuelei Fan xuelei.fan at oracle.com
Fri May 24 13:44:55 UTC 2019


jdk.tls.server.sessionTicketTimeout:
Could we use the SSLSessionContext.getSessionTimeout() value for ticket 
session timeout?

jdk.tls.server.statelessKeyTimeout:
We may extend to use external key and key rotation to improve 
scalability.  I was wondering, if it is possible to remove the property 
by using implicit key usage limit (as TLS 1.3 key usage limit, 
uncustomizable) rather than timeout?

Thanks,
Xuelei


On 5/21/2019 4:24 PM, Anthony Scarpino wrote:
> Hi All,
> 
> Please review the CSR for the stateless Server Side 
> https://bugs.openjdk.java.net/browse/JDK-8223922
> 
> thanks
> 
> Tony


More information about the security-dev mailing list