RFR 8211018: Session Resumption without Server-Side State

Xuelei Fan xuelei.fan at oracle.com
Fri May 24 15:51:43 UTC 2019 

SSLSessionContext.java
----------------------
As comment in the CSR review thread, I may not define the 
jdk.tls.server.sessionTicketTimeout property, and use one session 
timeout (SSLSessionContext.getSessionTimeout()) instead.

The ticket timeout may be not necessary, read more please.

SessionTicketExtension.java
---------------------------
As comment in the CSR review thread, I may not define the key timeout. 
Instead, I may use key usage limit.  As it is stateless server, I may 
not use the stateless session timeout as well, for less states.  The key 
rotation scheme might be able to take place of timeout.  For client 
side, the session context session timeout and management may be 
sufficient for the client side cache cleanup.

StatelessKey.gcmspec:
If I read it right, the same key and iv are used for every ticket 
encryption.  This behavior is vulnerable.  The IV should be unique for 
each encryption.

I would like to avoid to create thread in the fundamental API 
implementation if possible.  As the thread (KeyState.run()) is for 
invalid key cleanup only, the cleanup can be moved to the get methods.

For each StatelessKey, one thread is created.  I was wondering if there 
are any chance that there are multiple threads to manage the stateless 
keys, and potential memory leak?

Anyway, I will try to avoid to use internal thread.  I may use a key 
rotation scheme similar to cookie manager (use two keys, one for legacy 
and one for the current key, see HelloCookieManager.java).

If the key is invalid, an exception will be thrown and then fail back to 
full handshake.  Exception thrown and catch are expensive, I may not 
exception for the failback to full handshake.

Let's discuss these issues firstly before we moving on with more code 
review.

Hope it helps.

Thanks,
Xuelei


On 5/21/2019 5:35 PM, Anthony Scarpino wrote:
> Hi all,
> 
> I’ve updated in-place some recent changes due to some additional testing
> 
> Tony
> 
>> On May 16, 2019, at 2:30 PM, Anthony Scarpino <anthony.scarpino at oracle.com> wrote:
>>
>> I'm asking for a review of this rather large change to add support stateless tickets in the TLS 1.3 5077 RFC.
>> https://bugs.openjdk.java.net/browse/JDK-8211018
>>
>> http://cr.openjdk.java.net/~ascarpino/stateless/webrev.00
>>
>> thanks
>>
>> Tony
>

More information about the security-dev mailing list