RFR: 8357033: Reduce stateless session ticket size [v2]

Artur Barashev abarashev at openjdk.org
Tue May 20 17:16:51 UTC 2025


On Tue, 20 May 2025 09:53:48 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Log error and return null no compress/decompress failure
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 324:
> 
>> 322:             b = Record.getBytes8(buf);
>> 323:             if (b.length > 0) {
>> 324:                 String alg = new String(b);
> 
> Please remove the algorithm names from the session ticket. They were not used, and I don't see any reason to start using them now.

Hm.. they are being specified everywhere else in SSL code. So I guess we should pass an empty string to `SecretKeySpec` constructor then?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25310#discussion_r2098489233


More information about the security-dev mailing list