8277307: Pre shared key sent under both session_ticket and pre_shared…
…_key extensions

Reviewed-by: coffeys, ascarpino
djelinski committed Jun 8, 2022
1 parent 7df48f9 commit 4662e06
Showing 2 changed files with 19 additions and 7 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -403,11 +403,13 @@ public byte[] produce(ConnectionContext context,
chc.statelessResumption = true;

// If resumption is not in progress, return an empty value
if (!chc.isResumption || chc.resumingSession == null) {
if (!chc.isResumption || chc.resumingSession == null
|| chc.resumingSession.getPskIdentity() == null
|| chc.resumingSession.getProtocolVersion().useTLS13PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Stateless resumption supported");
}
return new SessionTicketSpec().getEncoded();
return new byte[0];
}

if (chc.localSupportedSignAlgs == null) {
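Review bot: The comment above the widened condition still reads `// If resumption is not in progress, return an empty value`, but the branch now also covers a resuming session with no PSK identity and one whose protocol version uses the TLS 1.3 spec, so it no longer explains why the extension is sent empty. Because this extension travels in the ClientHello, the reason is worth stating in place, e.g. `// Send an empty session_ticket unless resuming a pre-TLS 1.3 session that has a ticket; a TLS 1.3 PSK identity is offered only in pre_shared_key.` The `SSLLogger.fine("Stateless resumption supported")` message is also identical for all four cases, which makes a handshake trace harder to read when working out why no ticket was offered. produce() starts and ends outside the hunk, so how the identity is used after this guard is not visible here.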
18 changes: 14 additions & 4 deletions test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@

/*
* @test
* @bug 8211806 8277881
* @bug 8211806 8277881 8277307
* @summary TLS 1.3 handshake server name indication is missing on a session resume
* @run main/othervm ResumeTLS13withSNI
*/
@@ -102,7 +102,7 @@ public static void main(String args[]) throws Exception {
SSLParameters cliSSLParams = clientEngine.getSSLParameters();
cliSSLParams.setServerNames(List.of(SNI_NAME));
clientEngine.setSSLParameters(cliSSLParams);
clientEngine.setEnabledProtocols(new String[] { "TLSv1.3" });
clientEngine.setEnabledProtocols(new String[] { "TLSv1.2", "TLSv1.3" });

SSLEngine serverEngine = makeEngine(sslCtx, kmf, tmf, false);
SSLParameters servSSLParams = serverEngine.getSSLParameters();
@@ -114,7 +114,7 @@ public static void main(String args[]) throws Exception {
// Create a new client-side engine which can initiate TLS session
// resumption
SSLEngine newCliEngine = makeEngine(sslCtx, kmf, tmf, true);
newCliEngine.setEnabledProtocols(new String[] { "TLSv1.3" });
newCliEngine.setEnabledProtocols(new String[] { "TLSv1.2", "TLSv1.3" });
ByteBuffer resCliHello = getResumptionClientHello(newCliEngine);

dumpBuffer("Resumed ClientHello Data", resCliHello);
@@ -394,6 +394,16 @@ private static void checkResumedClientHelloSNI(ByteBuffer resCliHello)
System.err.println("* Found pre_shared_key Extension");
resCliHello.position(resCliHello.position() + extLen);
break;
case 35: // session_ticket
// This is a TLS1.2 extension; should be empty since we're
// negotiating TLS1.3. See JDK-8277307
System.err.format("* Found session_ticket extension " +
"(%d bytes)\n", extLen);
if (extLen != 0) {
throw new Exception("Unexpected session_ticket content");
}
resCliHello.position(resCliHello.position() + extLen);
break;
default:
System.err.format("* Found extension %d (%d bytes)\n",
extType, extLen);
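Review bot: The new `case 35` check only covers a resumed ClientHello built from a TLS 1.3 session; nothing in the visible hunks exercises the other side of the production change, namely that a TLS 1.2 session holding a ticket still sends a non-empty session_ticket and that a session without a PSK identity sends an empty one. Enabling `"TLSv1.2"` on the client engines makes the extension appear, but the handshake presumably still negotiates TLS 1.3, so a regression that empties the ticket for TLS 1.2 resumption would pass this test. Consider a companion case that resumes a TLS 1.2 session and asserts a non-zero extension length. The failure message could also carry the length, `throw new Exception("Unexpected session_ticket content: " + extLen + " bytes");`. checkResumedClientHelloSNI starts and ends outside the hunk.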

3 comments on commit 4662e06

@openjdk-notifier

@franferrax
Contributor


/backport jdk17u-dev

@openjdk

@openjdk openjdk bot commented on 4662e06 Nov 6, 2023


@franferrax the backport was successfully created on the branch franferrax-backport-4662e06b in my personal fork of openjdk/jdk17u-dev. To create a pull request with this backport targeting openjdk/jdk17u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 4662e06b from the openjdk/jdk repository.

The commit being backported was authored by Daniel Jeliński on 8 Jun 2022 and was reviewed by Sean Coffey and Anthony Scarpino.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u-dev:

$ git fetch https://github.com/openjdk-bots/jdk17u-dev.git franferrax-backport-4662e06b:franferrax-backport-4662e06b
$ git checkout franferrax-backport-4662e06b
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u-dev.git franferrax-backport-4662e06b
