RFR: CSR for 8211018 Session Resumption without Server-Side State
Xuelei Fan
xuelei.fan at oracle.com
Fri May 24 13:44:55 UTC 2019
jdk.tls.server.sessionTicketTimeout:
Could we use the SSLSessionContext.getSessionTimeout() value for ticket
session timeout?
jdk.tls.server.statelessKeyTimeout:
We may extend to use external key and key rotation to improve
scalability. I was wondering, if it is possible to remove the property
by using implicit key usage limit (as TLS 1.3 key usage limit,
uncustomizable) rather than timeout?
Thanks,
Xuelei
On 5/21/2019 4:24 PM, Anthony Scarpino wrote:
> Hi All,
>
> Please review the CSR for the stateless Server Side
> https://bugs.openjdk.java.net/browse/JDK-8223922
>
> thanks
>
> Tony
More information about the security-dev
mailing list