RFR: 8277881 Missing SessionID in TLS1.3 resumption in compatibility mode [v2]
Daniel Jeliński
duke at openjdk.java.net
Thu Dec 23 21:54:16 UTC 2021
On Tue, 21 Dec 2021 21:25:53 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update copyright year
>
> Please add " 2021," to the copyright of ResumeTLS13withSNI.java.
> I have run all the tests and they pass.
>
> Have you run this fix on your customer's setup or similar setup to confirm this fixed their problem?
Thanks @ascarpino for reviewing. Copyright year updated.
Yes I confirmed that the updated version fixes the problem.
Interestingly, aside from the empty SessionID there were no other differences between the initial and resumption ClientHello messages, i.e. pre_shared_key extension was absent in both. I suppose the server didn't send any NewSessionTicket, but didn't investigate it further.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6583
More information about the security-dev
mailing list