Skip to content

Commit

Permalink
8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
Browse files Browse the repository at this point in the history
Backport-of: 9d99a377bfb6ffa890db049aee575e97914fc2a1
  • Loading branch information
RealCLanger committed Nov 7, 2022
1 parent f07e691 commit 8f5ae91
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 11 deletions.
16 changes: 8 additions & 8 deletions src/java.base/share/classes/sun/security/ssl/ClientHello.java
Expand Up @@ -569,15 +569,15 @@ public byte[] produce(ConnectionContext context) throws IOException {
"No new session is allowed and " +
"no existing session can be resumed");
}

if (chc.maximumActiveProtocol.useTLS13PlusSpec() &&
SSLConfiguration.useCompatibilityMode) {
// In compatibility mode, the TLS 1.3 legacy_session_id
// field MUST be non-empty, so a client not offering a
// pre-TLS 1.3 session MUST generate a new 32-byte value.
sessionId =
}
if (sessionId.length() == 0 &&
chc.maximumActiveProtocol.useTLS13PlusSpec() &&
SSLConfiguration.useCompatibilityMode) {
// In compatibility mode, the TLS 1.3 legacy_session_id
// field MUST be non-empty, so a client not offering a
// pre-TLS 1.3 session MUST generate a new 32-byte value.
sessionId =
new SessionId(true, chc.sslContext.getSecureRandom());
}
}

ProtocolVersion minimumVersion = ProtocolVersion.NONE;
Expand Down
Expand Up @@ -96,7 +96,7 @@ final class SSLConfiguration implements Cloneable {
static final boolean allowLegacyMasterSecret =
Utilities.getBooleanProperty("jdk.tls.allowLegacyMasterSecret", true);

// Allow full handshake without Extended Master Secret extension.
// Use TLS1.3 middlebox compatibility mode.
static final boolean useCompatibilityMode = Utilities.getBooleanProperty(
"jdk.tls.client.useCompatibilityMode", true);

Expand Down
7 changes: 5 additions & 2 deletions test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -26,7 +26,7 @@

/*
* @test
* @bug 8211806
* @bug 8211806 8277881
* @summary TLS 1.3 handshake server name indication is missing on a session resume
* @run main/othervm ResumeTLS13withSNI
*/
Expand Down Expand Up @@ -338,6 +338,9 @@ private static void checkResumedClientHelloSNI(ByteBuffer resCliHello)

// Get the legacy session length and skip that many bytes
int sessIdLen = Byte.toUnsignedInt(resCliHello.get());
if (sessIdLen == 0) {
throw new Exception("SessionID field empty");
}
resCliHello.position(resCliHello.position() + sessIdLen);

// Skip over all the cipher suites
Expand Down

1 comment on commit 8f5ae91

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.