RFR: 8298381: Improve handling of session tickets for multiple SSLContexts [v4]
Volker Simonis
simonis at openjdk.org
Fri Dec 23 11:07:58 UTC 2022
On Thu, 22 Dec 2022 19:13:21 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Moved stateless key logic from SSLContextImpl to SSLSessionContextImpl and addressed comments by @XueleiFan and @ascarpino
>
> src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java line 163:
>
>> 161: SSLSessionContextImpl serverCache =
>> 162: (SSLSessionContextImpl)hc.sslContext.engineGetServerSessionContext();
>> 163: return serverCache.getKey();
>
> I think the `HandshakeContext hc` could be passed as a parameter for the getKey() method, and thus you have a way to get the secure random for StatelessKey().
>
> return serverCache.getKey(hc);
> -> SessionTicketExtension.StatelessKey getKey(HandshakeContext hc) {
> -> ssk = new SessionTicketExtension.StatelessKey(hc, newID);
> -> StatelessKey(HandshakeContext hc, int newNum) {
> -> kg.init(KEYLEN, hc.sslContext.getSecureRandom());
Done.
-------------
PR: https://git.openjdk.org/jdk/pull/11590
More information about the security-dev
mailing list