RFR: 8357033: Reduce stateless session ticket size [v2]
Artur Barashev
abarashev at openjdk.org
Tue May 20 17:16:51 UTC 2025
On Tue, 20 May 2025 09:53:48 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Log error and return null no compress/decompress failure
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 324:
>
>> 322: b = Record.getBytes8(buf);
>> 323: if (b.length > 0) {
>> 324: String alg = new String(b);
>
> Please remove the algorithm names from the session ticket. They were not used, and I don't see any reason to start using them now.
Hm.. they are being specified everywhere else in SSL code. So I guess we should pass an empty string to `SecretKeySpec` constructor then?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25310#discussion_r2098489233
More information about the security-dev
mailing list