RFR: 8328608: Multiple NewSessionTicket support for TLS
John Jiang
jjiang at openjdk.org
Wed Jun 19 02:46:10 UTC 2024
On Wed, 19 Jun 2024 00:04:54 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java line 369:
>>
>>> 367: if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>> 368: SSLLogger.fine("No session ticket produced: " +
>>> 369: "session timeout");
>>
>> Here `session timeout` may be confused.
>> It looks indicate the session has timed out.
>>
>> `T12NewSessionTicketProducer::produce` uses `Session timeout is too long. No ticket sent`.
>> Could this log also use these wordings?
>
> All the T13 log messages use the same format. I agree it is different from the T12 log messages, but it helps distinguish the failures for different protocols.
> Though saying "session timed out" is probably better
Here the session ticked is not produced due to the session timeout value is too big, but not the session has timed out.
If my understanding is correct, the log could be "No session ticket produced: session timeout is too long".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19465#discussion_r1645329523
More information about the security-dev
mailing list