Integrated: 8368514: TLS stateless session ticket decryption fails on some providers
Daniel Jeliński
djelinski at openjdk.org
Thu Sep 25 18:50:49 UTC 2025
On Wed, 24 Sep 2025 08:08:11 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Please review this trivial patch that fixes stateless session resumption with JCE providers that require extra space for AES/GCM decryption.
>
> I modified the existing FipsModeTLS12 test to additionally verify that session resumption works. The TLS 1.3 test resumes the session using a stateless ticket; the TLS 1.2 test uses stateful sessions, because stateless ticket creation fails for other reasons.
>
> Tier1-3 tests continue to pass.
This pull request has now been integrated.
Changeset: 3c9fd768
Author: Daniel Jeliński <djelinski at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/3c9fd7688f4d73067db9b128c329ca7603a60578
Stats: 40 lines in 10 files changed: 20 ins; 8 del; 12 mod
8368514: TLS stateless session ticket decryption fails on some providers
Reviewed-by: valeriep, abarashev
-------------
PR: https://git.openjdk.org/jdk/pull/27463
More information about the security-dev
mailing list