RFR JDK-8233619: SSLEngine handshake status immediately after the handshake can be NOT_HANDSHAKING rather than FINISHED with TLSv1.3
Xuelei Fan
xuelei.fan at oracle.com
Mon Mar 2 22:19:06 UTC 2020
ping ...
On 2/22/2020 11:20 AM, Xuelei Fan wrote:
> Hi,
>
> Could I have the following update reviewed?
> http://cr.openjdk.java.net/~xuelei/8233619/webrev.01/
>
> For TLS 1.2 and previous versions, the ChangeCipherSpec message is
> always delivered before the Finished handshake message. ChangeCipherSpec
> is not a handshake message, and cannot be wrapped in one TLS record. The
> processing of Finished handshake message is unlikely to be delegated.
>
> However, for TLS 1.3 there are no non-handshake messages delivered
> immediately before Finished message. Then, the delegated task could
> happen before consuming the Finished message, and then the Finished
> message is handled in the delegated action, together with other
> handshake messages in the flight. The FINISHED is not presented in such
> a situation.
>
> It would be complicated to consume the Finished message separately after
> the delegated tasks. Luckily, currently the post-handshake
> NewSessionTicket message is always used, immediately after the handshake
> message. The FINISHED status could be presented for producing and consuming
> the NewSessionTicket post-handshake message.
>
> Thanks,
> Xuelei
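
The situation described above, seen from the application side, as an added example that is not part of the original mail or the webrev: a completion check that does not depend on FINISHED alone, so post-handshake steps in caller code still run when Finished is consumed inside a delegated task. The class HandshakeCompletion and its method names are hypothetical, and the status sequence in main is constructed.

```java
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

/** Hypothetical helper: detects handshake completion without relying on FINISHED alone. */
public final class HandshakeCompletion {
    private boolean started;   // a handshake-in-progress status has been seen
    private boolean complete;  // the handshake is over

    /** Feed every status the engine reports; returns true once the handshake is over. */
    public boolean observe(HandshakeStatus status) {
        switch (status) {
            case FINISHED:
                complete = true;   // explicit signal, only carried by a wrap()/unwrap() result
                break;
            case NOT_HANDSHAKING:
                // Before the handshake starts this is the idle state, so require 'started'.
                if (started) complete = true;
                break;
            default:
                started = true;    // NEED_WRAP, NEED_UNWRAP, NEED_TASK, ...
        }
        return complete;
    }

    /** Call after each wrap()/unwrap(): runs delegated tasks, then re-reads the status. */
    public boolean afterOperation(SSLEngine engine, SSLEngineResult result) {
        if (observe(result.getHandshakeStatus())) return true;
        if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
            Runnable task;
            while ((task = engine.getDelegatedTask()) != null) task.run();
            // Finished may have been consumed inside the task; getHandshakeStatus()
            // never returns FINISHED, so NOT_HANDSHAKING is the only signal left.
            return observe(engine.getHandshakeStatus());
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sequence: idle, handshaking, delegated task, then no FINISHED.
        HandshakeStatus[] seq = { HandshakeStatus.NOT_HANDSHAKING, HandshakeStatus.NEED_UNWRAP,
                                  HandshakeStatus.NEED_TASK, HandshakeStatus.NOT_HANDSHAKING };
        HandshakeCompletion c = new HandshakeCompletion();
        for (HandshakeStatus s : seq) System.out.println(s + " -> complete=" + c.observe(s));
    }
}
```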