RFR: 8368514: TLS stateless session ticket decryption fails on some providers
Daniel Jeliński
djelinski at openjdk.org
Wed Sep 24 08:16:37 UTC 2025
Please review this trivial patch that fixes stateless session resumption with JCE providers that require extra space for AES/GCM decryption.
I modified the existing FipsModeTLS12 test to additionally verify that session resumption works. The TLS 1.3 test resumes the session using a stateless ticket; the TLS 1.2 test uses stateful sessions, because stateless ticket creation fails for other reasons.
Tier1-3 tests continue to pass.
-------------
Commit messages:
- Add bug ID
- Test session resumption
- Fix session resumption
Changes: https://git.openjdk.org/jdk/pull/27463/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27463&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8368514
Stats: 32 lines in 2 files changed: 16 ins; 8 del; 8 mod
Patch: https://git.openjdk.org/jdk/pull/27463.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27463/head:pull/27463
PR: https://git.openjdk.org/jdk/pull/27463
More information about the security-dev
mailing list