JDK-8229148 : SSLSession.invalidate() does not invalidate stateless tickets
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 13,14
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2019-08-05
  • Updated: 2019-10-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbdUnresolved
Related Reports
Relates :  
Description
Stateless tickets are not invalidated when the SSLSession.invalidate() method is called.  Since the server keeps no state, there is no state to invalidate.  This may change in a future update or release to keep a small cache tickets