RFR: 8368514: TLS stateless session ticket decryption fails on some providers [v2]
Valerie Peng
valeriep at openjdk.org
Thu Sep 25 18:20:36 UTC 2025
On Thu, 25 Sep 2025 15:04:11 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Please review this trivial patch that fixes stateless session resumption with JCE providers that require extra space for AES/GCM decryption.
>>
>> I modified the existing FipsModeTLS12 test to additionally verify that session resumption works. The TLS 1.3 test resumes the session using a stateless ticket; the TLS 1.2 test uses stateful sessions, because stateless ticket creation fails for other reasons.
>>
>> Tier1-3 tests continue to pass.
>
> Daniel Jeliński has updated the pull request incrementally with four additional commits since the last revision:
>
> - Add explanation for getOutputSize
> - Remove references to TLS 1.2 from class names and paths
> - Explain why stateless resumption needs to be disabled with TLS 1.2
> - Update test comment
Changes look good.
-------------
Marked as reviewed by valeriep (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/27463#pullrequestreview-3268947987
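
An added illustration, not code from the pull request or from OpenJDK: one way to size the output buffer for AES/GCM decryption by asking the provider through `Cipher.getOutputSize`, rather than assuming plaintext length equals ciphertext length minus the tag. It assumes the "extra space" in the quoted description refers to the decryption output buffer; the class name, key, nonce, AAD and plaintext are constructed for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name; all keys and data below are constructed sample values.
public class GcmOutputSizeDemo {
    private static final int TAG_BITS = 128;

    static byte[] decrypt(SecretKey key, byte[] nonce, byte[] aad, ByteBuffer ct)
            throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(aad);
        // Let the provider state how much room it needs. Some providers report
        // more than (ciphertext length - tag length); a buffer sized by hand
        // would then fail with ShortBufferException on those providers.
        ByteBuffer out = ByteBuffer.allocate(c.getOutputSize(ct.remaining()));
        c.doFinal(ct, out); // throws AEADBadTagException if authentication fails
        out.flip();         // only the bytes actually written are plaintext
        byte[] pt = new byte[out.remaining()];
        out.get(pt);
        return pt;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        byte[] aad = "constructed-aad".getBytes(StandardCharsets.UTF_8);
        byte[] state = "constructed session state".getBytes(StandardCharsets.UTF_8);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        enc.updateAAD(aad);
        byte[] ct = enc.doFinal(state);

        byte[] pt = decrypt(key, nonce, aad, ByteBuffer.wrap(ct));
        System.out.println(new String(pt, StandardCharsets.UTF_8));
    }
}
```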