RFR: 8328608: Multiple NewSessionTicket support for TLS

Anthony Scarpino ascarpino at openjdk.org
Fri Jun 21 16:12:14 UTC 2024


On Fri, 21 Jun 2024 09:54:34 GMT, Sibabrata Sahoo <ssahoo at openjdk.org> wrote:

> Just for knowledge: if the client has multiple PSK identities previously shared by the server, and the client initiates a PSK resumption of type (psk_dhe_ke) and receives a HelloRetryRequest from the server, should the client send the same PSK identity in the current ClientHello as in the previous ClientHello (after changing the ticket_age and binder value), or does it have the option to choose any one of the remaining unused PSK identities, or to send all unused PSK identities available in the 'pre_shared_key' extension?

Looking at the code, it should be the same PSK.  I did not change anything in this area, so I would expect the same behavior as before.  In the existing code, given the first CH would take the PSK out of the cache, there would be no new PSK for the second CH to change to.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/19465#issuecomment-2183040021


