RFR JDK-8233619: SSLEngine handshake status immediately after the handshake can be NOT_HANDSHAKING rather than FINISHED with TLSv1.3

Xuelei Fan xuelei.fan at oracle.com
Mon Mar 2 22:19:06 UTC 2020


ping ...

On 2/22/2020 11:20 AM, Xuelei Fan wrote:
> Hi,
> 
> Could I have the following update reviewed?
>      http://cr.openjdk.java.net/~xuelei/8233619/webrev.01/
> 
> For TLS 1.2 and previous versions, the ChangeCipherSpec message is 
> always delivered before the Finished handshake message. ChangeCipherSpec 
> is not a handshake message, and cannot be wrapped in one TLS record.  The 
> processing of Finished handshake message is unlikely to be delegated.
> 
> However, for TLS 1.3 there are no non-handshake messages delivered 
> immediately before the Finished message.  Then, the delegated task could 
> happen before consuming the Finished message, and then the Finished 
> message is handled in the delegated action, together with other 
> handshake messages in the flight. The FINISHED status is not presented 
> in such a situation.
> 
> It would be complicated to consume the Finished message separately after 
> the delegated tasks.  Luckily, currently the post-handshake 
> NewSessionTicket message is always used, immediately after the handshake 
> message.  The FINISHED status could be presented for producing and 
> consuming the NewSessionTicket post-handshake message.
> 
> Thanks,
> Xuelei
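
An added example, not part of the original message or the webrev: an in-memory handshake driver whose completion test is the engine's NOT_HANDSHAKING status rather than a FINISHED result, so it terminates whether or not FINISHED is ever reported. The class and method names are hypothetical, and the two SSLEngine instances are assumed to be freshly created by the caller from an SSLContext with suitable key and trust material.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;

// Added example (hypothetical class name): in-memory TLS handshake between two engines.
public final class HandshakeProbe {
    /** Drives both engines to completion; returns true if any wrap/unwrap result reported FINISHED. */
    public static boolean run(SSLEngine client, SSLEngine server) throws SSLException {
        client.setUseClientMode(true);   // assumes neither engine has started handshaking
        server.setUseClientMode(false);
        int net = 2 * client.getSession().getPacketBufferSize();
        ByteBuffer c2s = ByteBuffer.allocate(net), s2c = ByteBuffer.allocate(net);
        client.beginHandshake();
        server.beginHandshake();
        boolean sawFinished = false;
        // Completion is decided by NOT_HANDSHAKING, never by waiting for FINISHED.
        while (client.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
                || server.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) {
            sawFinished |= step(client, s2c, c2s);
            sawFinished |= step(server, c2s, s2c);
        }
        return sawFinished;
    }

    // One step for one engine; 'in' and 'out' stay in write mode between calls.
    private static boolean step(SSLEngine e, ByteBuffer in, ByteBuffer out) throws SSLException {
        SSLEngineResult r = null;
        switch (e.getHandshakeStatus()) {
            case NEED_TASK:
                Runnable task;
                while ((task = e.getDelegatedTask()) != null) task.run();
                break;
            case NEED_WRAP:
                r = e.wrap(ByteBuffer.allocate(0), out);
                break;
            case NEED_UNWRAP:
                in.flip();   // expose the peer's pending records for reading
                r = e.unwrap(in, ByteBuffer.allocate(e.getSession().getApplicationBufferSize()));
                in.compact();   // keep any unread records for the next step
                break;
            default:
                break;
        }
        return r != null && r.getHandshakeStatus() == HandshakeStatus.FINISHED;
    }
}
```

The return value only records whether FINISHED was observed; callers that need a one-time completion hook can trigger it on the first transition to NOT_HANDSHAKING instead.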
