Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
8277307: Pre shared key sent under both session_ticket and pre_shared…
…_key extensions

Backport-of: 4662e06bff2cef7425c194a9cdd7a6fe7469179e
  • Loading branch information
franferrax authored and jerboaa committed Nov 28, 2023
1 parent 770b3d6 commit 9128c89
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 7 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -403,11 +403,13 @@ public byte[] produce(ConnectionContext context,
chc.statelessResumption = true;

// If resumption is not in progress, return an empty value
if (!chc.isResumption || chc.resumingSession == null) {
if (!chc.isResumption || chc.resumingSession == null
|| chc.resumingSession.getPskIdentity() == null
|| chc.resumingSession.getProtocolVersion().useTLS13PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Stateless resumption supported");
}
return new SessionTicketSpec().getEncoded();
return new byte[0];
}

if (chc.localSupportedSignAlgs == null) {
Expand Down
18 changes: 14 additions & 4 deletions test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -26,7 +26,7 @@

/*
* @test
* @bug 8211806 8277881
* @bug 8211806 8277881 8277307
* @summary TLS 1.3 handshake server name indication is missing on a session resume
* @run main/othervm ResumeTLS13withSNI
*/
Expand Down Expand Up @@ -102,7 +102,7 @@ public static void main(String args[]) throws Exception {
SSLParameters cliSSLParams = clientEngine.getSSLParameters();
cliSSLParams.setServerNames(List.of(SNI_NAME));
clientEngine.setSSLParameters(cliSSLParams);
clientEngine.setEnabledProtocols(new String[] { "TLSv1.3" });
clientEngine.setEnabledProtocols(new String[] { "TLSv1.2", "TLSv1.3" });

SSLEngine serverEngine = makeEngine(sslCtx, kmf, tmf, false);
SSLParameters servSSLParams = serverEngine.getSSLParameters();
Expand All @@ -114,7 +114,7 @@ public static void main(String args[]) throws Exception {
// Create a new client-side engine which can initiate TLS session
// resumption
SSLEngine newCliEngine = makeEngine(sslCtx, kmf, tmf, true);
newCliEngine.setEnabledProtocols(new String[] { "TLSv1.3" });
newCliEngine.setEnabledProtocols(new String[] { "TLSv1.2", "TLSv1.3" });
ByteBuffer resCliHello = getResumptionClientHello(newCliEngine);

dumpBuffer("Resumed ClientHello Data", resCliHello);
Expand Down Expand Up @@ -394,6 +394,16 @@ private static void checkResumedClientHelloSNI(ByteBuffer resCliHello)
System.err.println("* Found pre_shared_key Extension");
resCliHello.position(resCliHello.position() + extLen);
break;
case 35: // session_ticket
// This is a TLS1.2 extension; should be empty since we're
// negotiating TLS1.3. See JDK-8277307
System.err.format("* Found session_ticket extension " +
"(%d bytes)\n", extLen);
if (extLen != 0) {
throw new Exception("Unexpected session_ticket content");
}
resCliHello.position(resCliHello.position() + extLen);
break;
default:
System.err.format("* Found extension %d (%d bytes)\n",
extType, extLen);
Expand Down

1 comment on commit 9128c89

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.