8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions #8922
Conversation
|
👋 Welcome back djelinski! A progress list of the required criteria for merging this PR into |
openjdk
bot
changed the title
|
@djelinski The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java
Outdated
Show resolved
Hide resolved
|
@djelinski This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 166 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
The bug and the PR could have used a lot more description that the issue here is that 1.2 and 1.3 are enabled at the same time. such as via After thinking about it, this maybe the better way to fix this as the it a heterogeneous server environment, only sending 1.3 extension from the resumed TLS protocol may cause errors when talking to 1.2 server. So both extensions need to be enabled globally, but since we are resuming 1.3 state, the same state does not to be passed in a 1.2 connection. It should do a full handshake. One could ask the reverse, if the resumption is from 1.2 should we be sending a 1.3 pre_shared_key extension.. But that can be for another bug I suppose. |
|
please make sure all jdk_security tests and tier1 tests pass before integrating |
As far as I can tell, 1.2 and 1.3 are both enabled by default.
We are not sending
done. Thanks for reviewing! |
|
/integrate |
|
Going to push as commit 4662e06.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@djelinski Pushed as commit 4662e06. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
|
A little late to this review as it's already been pushed, but I would have suggested leaving the |
|
Hi @raycoll, thanks for making a comment in an OpenJDK project! All comments and discussions in the OpenJDK Community must be made available under the OpenJDK Terms of Use. If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please Use "Add GitHub user raycoll for the summary. If you are not an OpenJDK Author, Committer or Reviewer, simply check the box below to accept the OpenJDK Terms of Use for your comments.
Your comment will be automatically restored once you have accepted the OpenJDK Terms of Use. |
Session ticket extension should only contain pre-TLS1.3 stateless session tickets; it should not be used for sending TLS1.3 pre-shared keys.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/8922/head:pull/8922$ git checkout pull/8922Update a local copy of the PR:
$ git checkout pull/8922$ git pull https://git.openjdk.java.net/jdk pull/8922/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 8922View PR using the GUI difftool:
$ git pr show -t 8922Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/8922.diff