RFR: 8298381: Improve handling of session tickets for multiple SSLContexts [v6]
Volker Simonis
simonis at openjdk.org
Mon Jan 9 17:01:00 UTC 2023
On Sat, 7 Jan 2023 08:26:12 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
>> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 199:
>
>> 197: it.remove();
>> 198: try {
>> 199: k.key.destroy();
>
> Is it safe to assume that "key.destroy()" is threadsafe?
First of all, this isn't a change with regards to the old implementation.
But in general I don't think this is a problem because the current implementation is using "AES" keys which are generated by `AESKeyGenerator` and are actually plain `SecretKeySpec` keys. These keys don't even implement a `destroy()` method so they will throw `DestroyFailedException` anyway (that's the default implementation of `Destroyable::destroy()`).
-------------
PR: https://git.openjdk.org/jdk/pull/11590
More information about the security-dev
mailing list