RFR: 8298381: Improve handling of session tickets for multiple SSLContexts [v5]

Volker Simonis simonis at openjdk.org
Mon Jan 9 17:32:01 UTC 2023


On Tue, 3 Jan 2023 17:43:43 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> Looks good to me.  Thanks!
>
>> Looks good to me. Thanks!
> 
> Thanks @XueleiFan!
> 
> I've updated the copyright year to 2023 and will wait one or two more days just in case @ascarpino wants to take one more look as well.

> Hi @simonis, I am sorry for chiming in so late on this issue. I do think it might be worthwhile to make your proof-of-concept code into a jtreg test as you mentioned in your summary. I think it really comes down to how feasible the conversion would be. It's always better to have an automated test if we can, but it depends on if jtreg code can get access to reliable information about the session tickets via the session cache and know that things are behaving as intended.

I don't think the current reproducer can easily be converted into a cheap and stable jterg test. The current version is quite heavyweight because it calls `jcmd GC.class_histogram` and not really stable because it depends on the number of live `StatelessKey` objects in the heap. So for now I'd prefer to finally fix this issue even without an attached automatic test.

-------------

PR: https://git.openjdk.org/jdk/pull/11590


More information about the security-dev mailing list