RFR: 8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu May 6 19:17:53 UTC 2021
On Thu, 6 May 2021 11:57:48 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Unfortunately, simple pull() can not be used in this case. We have to check if the session found in the cache can be rejoined with parameters received in ClientHello and server context. Only rejoinable sessions should be removed from the session cache.
For TLS 1.3, I think it may be safe to remove the session from the cache even if it is no rejoinable.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3664
More information about the security-dev
mailing list