RFR: 8368514: TLS stateless session ticket decryption fails on some providers [v2]
Daniel Jeliński
djelinski at openjdk.org
Thu Sep 25 15:04:11 UTC 2025
> Please review this trivial patch that fixes stateless session resumption with JCE providers that require extra space for AES/GCM decryption.
>
> I modified the existing FipsModeTLS12 test to additionally verify that session resumption works. The TLS 1.3 test resumes the session using a stateless ticket; the TLS 1.2 test uses stateful sessions, because stateless ticket creation fails for other reasons.
>
> Tier1-3 tests continue to pass.
Daniel Jeliński has updated the pull request incrementally with four additional commits since the last revision:
- Add explanation for getOutputSize
- Remove references to TLS 1.2 from class names and paths
- Explain why stateless resumption needs to be disabled with TLS 1.2
- Update test comment
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/27463/files
- new: https://git.openjdk.org/jdk/pull/27463/files/b70000f1..664b4df7
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=27463&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=27463&range=00-01
Stats: 12 lines in 10 files changed: 4 ins; 0 del; 8 mod
Patch: https://git.openjdk.org/jdk/pull/27463.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27463/head:pull/27463
PR: https://git.openjdk.org/jdk/pull/27463
More information about the security-dev
mailing list