JDK / JDK-8264204

Clarify note in section "Resuming Session Without Server-Side State" in JSSE Reference Guide

    Details

    • Type: Enhancement
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 17
    • Component/s: docs
    • Labels:

      Description

      1. https://docs.oracle.com/en/java/javase/15/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-64D7EAF6-D2EE-4719-8616-25E2829CF810

      This feature [Resuming Session Without Server-Side State] is not enabled by default.

      2. The following is unclear: "However, the contents of stateless tickets, in particular, the contents of a NewSessionTicket message, depend on the value of jdk.tls.server.enableSessionTicketExtension."

      =====

      Here's a summary of the discussion around this issue:

      1. This has been fixed in the JDK 16 docs:

      https://docs.oracle.com/en/java/javase/16/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-64D7EAF6-D2EE-4719-8616-25E2829CF810

      2. In TLS 1.3, if stateless session resumption is in use (that is, the system property jdk.tls.server.enableSessionTicketExtension is true), then the NewSessionTicket message includes all session information (in encrypted format).

      If session resumption is stateful (that is, jdk.tls.server.enableSessionTicketExtension is false), then the NewSessionTicket message just contains a key that is used by the server during session resumption in order to access the session information from its session cache.

      In TLS 1.3, you can configure the resumption mode (set it to either stateful or stateless) with the system property jdk.tls.server.enableSessionTicketExtension. However, in JDK 14 and later, there's usually no need to change the default resumption mode, which is stateless.

      A note should be added to the description of jdk.tls.server.enableSessionTicketExtension:

      Note: In TLS 1.2, stateless session tickets will be used only if they are supported by the client.

            People

            Assignee:
            rgallard Raymond Gallardo
            Reporter:
            rgallard Raymond Gallardo