RFR: 8368514: TLS stateless session ticket decryption fails on some providers
Valerie Peng
valeriep at openjdk.org
Wed Sep 24 18:55:49 UTC 2025
On Wed, 24 Sep 2025 16:41:01 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Please review this trivial patch that fixes stateless session resumption with JCE providers that require extra space for AES/GCM decryption.
>>
>> I modified the existing FipsModeTLS12 test to additionally verify that session resumption works. The TLS 1.3 test resumes the session using a stateless ticket; the TLS 1.2 test uses stateful sessions, because stateless ticket creation fails for other reasons.
>>
>> Tier1-3 tests continue to pass.
>
> test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java line 106:
>
>> 104:
>> 105: // Self-integrity test (complete TLS communication)
>> 106: testTLS12SunPKCS11Communication.initSslContext();
>
> Should we rename `testTLS12SunPKCS11Communication` class to `testTLSSunPKCS11Communication` now that we test TLSv1.3 also?
+1
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27463#discussion_r2376752590
More information about the security-dev
mailing list