[RFR] 8229148: SSLSession.invalidate() does not invalidate stateless tickets

Anthony Scarpino anthony.scarpino at oracle.com
Wed Apr 22 23:57:35 UTC 2020


Hi,

I'd like a review of this change to add session invalidation for 
stateless resumption.  It adds a cache that stateless resumes will check 
against.  The cache keeps track of only those sessions that are 
invalidated, minimizing it's cost on the server.  This is separate from 
the existing session cache method of invalidation.

http://cr.openjdk.java.net/~ascarpino/8229148/webrev.00/

thanks

Tony


More information about the security-dev mailing list