Possible regression in JDK 14 related to SSLSessionContext / SSLSession on the server side
Jamil Nimeh
jamil.j.nimeh at oracle.com
Mon Mar 30 15:58:25 UTC 2020
For what it's worth, I tried with the latest JDK using SSLSockets on the
server side and I'm (so far) not able to reproduce it with my local test
utilities. Unfortunately I don't have an engine-based simple server
handy so I'll give Norman's reproducer a spin and see what happens.
--Jamil
On 3/30/2020 5:31 AM, Norman Maurer wrote:
> Hey Sean,
>
> There is not much to share as its just a simple handshake :)
>
> Anyway here is a reproducer:
>
> https://github.com/normanmaurer/jdk_ssl_session_context_reproducer
>
> It basically does nothing more then complete the handshake and then
> calling engine.getSession().getSessionContext() which will return null
> on the server side since JDK 14 (earlier versions work).
> I tested it with TLSv1.2 and TLSv1.3 and both times it produced the
> error on JDK 14.
>
>
> Bye
> Norman
>
>
>> On 30. Mar 2020, at 13:22, Seán Coffey <sean.coffey at oracle.com
>> <mailto:sean.coffey at oracle.com>> wrote:
>>
>> Looks interesting Norman. Do you want to share some more details
>> about the peculiarities of this handshake before considering a fully
>> fledged testcase ?
>>
>> regards,
>> Sean.
>>
>> On 27/03/2020 12:48, Norman Maurer wrote:
>>> Hi there,
>>>
>>> I am just about to add JDK14 to the test matrix for netty and think
>>> I found a regression. Before I will invest time to write a
>>> standalone reproducer please let me know if you think this is a
>>> regression or not.
>>> Basically after the handshake is complete
>>> SSLEngine.getSession().getSessionContext() returns null on the
>>> serverside when using JDK14. Running the same test with any previous
>>> version (JDK13 and earlier) doesn’t show the same result.
>>>
>>> Does this sounds like a regression and if so should I provide a
>>> standalone reproducer here ?
>>>
>>> Bye
>>> Norman
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200330/17f0c3c8/attachment.htm>
More information about the security-dev
mailing list