Stateless session resumption for TLS 1.3 with enableSessionTicketExtension?

Sean Mullan sean.mullan at oracle.com
Thu Jan 2 19:11:42 UTC 2020


Thanks for spotting this. I filed 
https://bugs.openjdk.java.net/browse/JDK-8236624 to update the docs.

--Sean

On 12/17/19 7:53 AM, raell at web.de wrote:
> Hi Tony,
> 
> thank you for the clarification.
> 
> Btw: If I'm not mistaken, the new System properties for stateless session resumption are not included in the documentation https://docs.oracle.com/en/java/javase/13/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-93DEEE16-0B70-40E5-BBE7-55C3FD432345 (Table 8-3) so far. If they are added there at a later time, maybe your clarification for TLS 1.3 could be incorporated there?
> 
> Regards,
> 
> Ralph
>
> On 12/16/2019 3:20 PM, Anthony Scarpino wrote:
>>> Dear all,
>>>
>>>
>>> in Java 13 the new System properties jdk.tls.client.enableSessionTicketExtension and jdk.tls.server.enableSessionTicketExtension were introduced. In TLS 1.2 and prior these properties support stateful session resumption according to RFC 5077.
>>>
>>> In TLS 1.3, however, there is no SessionTicketExtension and it isn't clear from the description [1] what impact jdk.tls.server.enableSessionTicketExtension has in case of a TLS 1.3 connection.
>>>
>>> Question 1: On a TLS 1.3 connection, does a Java server perform stateless or stateful session resumption if
>>> jdk.tls.server.enableSessionTicketExtension is set to true or false, respectively?
> 
>> Yes
> 
>>>
>>> Question 2: Does the content of the NewSessionTicket message in TLS 1.3 depend on the value of jdk.tls.server.enableSessionTicketExtension?
> 
>> Yes
> 
> 
>> Tony

