RFR JDK-8233619: SSLEngine handshake status immediately after the handshake can be NOT_HANDSHAKING rather than FINISHED with TLSv1.3
Jamil Nimeh
jamil.j.nimeh at oracle.com
Tue Mar 3 20:35:56 UTC 2020
Looks good to me. Sorry for the delay in getting you a review.
--Jamil
On 3/2/2020 2:19 PM, Xuelei Fan wrote:
> ping ...
>
> On 2/22/2020 11:20 AM, Xuelei Fan wrote:
>> Hi,
>>
>> Could I have the following update reviewed?
>> http://cr.openjdk.java.net/~xuelei/8233619/webrev.01/
>>
>> For TLS 1.2 and previous versions, the ChangeCipherSpec message is
>> always delivered before the Finished handshake message.
>> ChangeCipherSpec is not a handshake message, and cannot be wrapped in
>> one TLS record. The processing of the Finished handshake message is
>> unlikely to be delegated.
>>
>> However, for TLS 1.3 there are no non-handshake messages delivered
>> immediately before the Finished message. Then, the delegated task could
>> happen before consuming the Finished message, and then the Finished
>> message is handled in the delegated action, together with other
>> handshake messages in the flight. The FINISHED status is not presented in
>> such a situation.
>>
>> It would be complicated to consume the Finished message separately
>> after the delegated tasks. Luckily, currently the post-handshake
>> NewSessionTicket message is always used, immediately after the
>> handshake message. The FINISHED status could be presented for producing
>> and consuming the NewSessionTicket post-handshake message.
>>
>> Thanks,
>> Xuelei
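
An added example, not code from the webrev or the JDK: a caller-side tracker that treats the handshake as complete whether the engine reports FINISHED or only moves from a handshaking state to NOT_HANDSHAKING after delegated tasks, so post-handshake checks in application code run on either path. HandshakeTracker and observe() are hypothetical names, and the status sequences in main() are constructed.

```java
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
// Added example; HandshakeTracker and observe() are hypothetical names.
public final class HandshakeTracker {
    private boolean handshaking, completed;

    // Call after every wrap()/unwrap(); returns true exactly once, on completion.
    public boolean onResult(SSLEngine engine, SSLEngineResult result) {
        HandshakeStatus hs = result.getHandshakeStatus();
        if (hs == HandshakeStatus.NEED_TASK) {
            handshaking = true;
            Runnable task;
            while ((task = engine.getDelegatedTask()) != null) {
                task.run(); // may consume Finished along with the rest of the flight
            }
            // getHandshakeStatus() never returns FINISHED; re-read the engine state.
            hs = engine.getHandshakeStatus();
        }
        return observe(hs);
    }

    // Pure state transition, kept separate so it can be exercised without a peer.
    boolean observe(HandshakeStatus hs) {
        if (completed) return false; // a later FINISHED (e.g. with NewSessionTicket) is ignored
        boolean done = hs == HandshakeStatus.FINISHED
                || (hs == HandshakeStatus.NOT_HANDSHAKING && handshaking);
        if (done) {
            completed = true;
        } else if (hs != HandshakeStatus.NOT_HANDSHAKING) {
            handshaking = true;
        }
        return done;
    }

    public static void main(String[] args) {
        // Constructed status sequences, not captured from a real engine.
        List<List<HandshakeStatus>> runs = List.of(
            List.of(HandshakeStatus.NEED_WRAP, HandshakeStatus.NEED_UNWRAP, HandshakeStatus.FINISHED),
            List.of(HandshakeStatus.NEED_WRAP, HandshakeStatus.NEED_TASK, HandshakeStatus.NOT_HANDSHAKING));
        for (List<HandshakeStatus> run : runs) {
            HandshakeTracker t = new HandshakeTracker();
            for (HandshakeStatus hs : run) {
                if (t.observe(hs)) System.out.println("complete on " + hs);
            }
        }
    }
}
```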