RFR: 8328608: Multiple NewSessionTicket support for TLS [v3]
Anthony Scarpino
ascarpino at openjdk.org
Thu Aug 1 19:30:35 UTC 2024
On Mon, 29 Jul 2024 16:40:21 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 21 commits:
>>
>> - Rework TLSBase for better testing
>> - Tests working
>> - Merge branch 'master' into nst-multi
>> - new changes
>> - remove frag issue
>> - Comments, remove thread, set NST default to 1, allow 0
>> - comment cleanup
>> - Merge branch 'master' into nst-multi
>> - copyright & cleanup
>> - oops BAOS
>> - ... and 11 more: https://git.openjdk.org/jdk/compare/3796fdfc...35bfe799
>
> test/jdk/sun/security/ssl/SSLSessionImpl/MultiNSTClient.java line 35:
>
>> 33: * @run main/othervm MultiNSTClient -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=true
>> 34: * @run main/othervm MultiNSTClient -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=false -Djdk.tls.client.enableSessionTicketExtension=true
>> 35: * @run main/othervm MultiNSTClient -Djdk.tls.client.protocols=TLSv1.3 -Djdk.tls.server.enableSessionTicketExtension=true -Djdk.tls.client.enableSessionTicketExtension=false
>
> `jdk.tls.client.enableSessionTicketExtension` has no effect with `TLSv1.3`. Did you mean to run these tests with TLSv1.2?
True, but I like verifying the client being false has no effect.
TLS 1.2 doesn't support multiple NSTs, so it's check is based off the TLS version used and not the properties.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19465#discussion_r1700715920
More information about the security-dev
mailing list