RFR: 8270344: Session resumption errors
djelinski
github.com+30433125+djelinski at openjdk.java.net
Wed Aug 18 19:06:23 UTC 2021
On Fri, 13 Aug 2021 14:00:45 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> Corner case where a session resumption can fail if the TLS server changes supported protocol versions in relation to a cached SSLSession. This is primarily an issue where the legacy TLS version is used in place of the newer "supported_versions" TLS extension.
Also fixes resumption when server is a Java application run with `-Djdk.tls.allowLegacyResumption=false`, client is a Java application with `-Djdk.tls.useExtendedMasterSecret=false`, and TLSv1.2 is negotiated.
As a side note, it should be possible to merge `HandshakeContext#handshakeSession` and `HandshakeContext#resumingSession` into a single field now
-------------
PR: https://git.openjdk.java.net/jdk/pull/5110
More information about the security-dev
mailing list