Discard or clamp ticket lifetime?
Bernd Eckenfels
ecki at zusammenkunft.net
Mon Jun 30 14:45:39 UTC 2025
This OpenSSL ticket describes the same MAX_INT lifetime problem, and they seem to use clamping as well.
I think the change and the exact condition are different (since it is a TLS 1.3 issue for them), but the observation that vsftpd is causing this will allow us to reproduce it. (I may report it to vsftpd as well.)
https://github.com/openssl/openssl/issues/17948
Regards
Bernd
Bernd Eckenfels wrote on 29. June 2025 15:27 (GMT +02:00):
> We deal with a regression in JSSE regarding resumption tickets with high
> lifetime.
> In older versions with Java 11 the customer claimed an FTP server was
> reachable, with Java 21 the connections are rejected.
…