RFR: 8277881 Missing SessionID in TLS1.3 resumption in compatibility mode
Anthony Scarpino
ascarpino at openjdk.java.net
Tue Dec 21 21:29:17 UTC 2021
On Mon, 29 Nov 2021 08:42:22 GMT, Daniel Jeliński <duke at openjdk.java.net> wrote:
> All TLS 1.3 handshakes in compatibility mode must send a non-empty SessionID field. Currently TLS1.3 session resumptions are sending empty session ID. This patch fixes that problem.
>
> All jdk_core tests passed. The newly added check passes with the patch, fails without it.
Please add " 2021," to the copyright of ResumeTLS13withSNI.java.
I have run all the tests and they pass.
Have you run this fix on your customer's setup or similar setup to confirm this fixed their problem?
-------------
Changes requested by ascarpino (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/6583
More information about the security-dev
mailing list