RFR: 8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) [v3]

Alexey Bakhtin abakhtin at openjdk.java.net
Fri May 7 12:05:51 UTC 2021


On Thu, 6 May 2021 19:15:27 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Unfortunately, simple pull() can not be used in this case. We have to check if the session found in the cache can be rejoined with parameters received in ClientHello and server context. Only rejoinable sessions should be removed from the session cache.
>> It is possible to use simple pull() and restore session in the cache if the session is not rejoinable, but I do not like this approach. Also, it will require extending Cache with get/setExpirationTime methods.
>
>> Unfortunately, simple pull() can not be used in this case. We have to check if the session found in the cache can be rejoined with parameters received in ClientHello and server context. Only rejoinable sessions should be removed from the session cache.
> 
> For TLS 1.3, I think it may be safe to remove the session from the cache even if it is not rejoinable.

@XueleiFan Thank you for the suggestion. The patch is updated using a simple pull().

-------------

PR: https://git.openjdk.java.net/jdk/pull/3664

