RFR: 8277881 Missing SessionID in TLS1.3 resumption in compatibility mode [v2]

Daniel Jeliński duke at openjdk.java.net
Thu Dec 23 21:54:16 UTC 2021

On Tue, 21 Dec 2021 21:25:53 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
>>   Update copyright year
> Please add " 2021," to the copyright of ResumeTLS13withSNI.java.
> I have run all the tests and they pass.
> Have you run this fix on your customer's setup or similar setup to confirm this fixed their problem?

Thanks @ascarpino for reviewing. Copyright year updated.

Yes I confirmed that the updated version fixes the problem.

Interestingly, aside from the empty SessionID there were no other differences between the initial and resumption ClientHello messages, i.e. pre_shared_key extension was absent in both. I suppose the server didn't send any NewSessionTicket, but didn't investigate it further.


PR: https://git.openjdk.java.net/jdk/pull/6583

More information about the security-dev mailing list