Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8209953

Improve NewSessionTicket handling in TLS 1.3

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P2
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: 16
    • Component/s: security-libs
    • Labels:
      None

      Description

      Clients must read from the server after connecting in order for the TLS implementation to receive the NewSessionTicket that can be used to resume the session. That means that clients that don't read will not be able to resume and must perform a full handshake each time. Also, when multiple clients connect to the server before reading, they will all perform a full handshake.

      We could improve the situation with the following changes:
      1) Have the server send the NewSessionTicket before it receives the client Finished message as described in section 4.6.1 of the RFC.
      2) Have the server send multiple NewSessionTicket messages, and modify the session cache so that the client can hold multiple tickets for the same server.
      3) Make sure the client is reading it's input record (to check for NewSessionTicket messages) at every opportunity, including when it sends its Finished message.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              xuelei Xuelei Fan
              Reporter:
              apetcher Adam Petcher (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: