JDK-8209953 : Improve NewSessionTicket handling in TLS 1.3
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2018-08-24
  • Updated: 2020-08-05
  • Resolved: 2020-08-05
Version: JDK 16 (Resolved)
Related Reports
Duplicate :  
Description
Clients must read from the server after connecting in order for the TLS implementation to receive the NewSessionTicket that can be used to resume the session. That means that clients that don't read will not be able to resume and must perform a full handshake each time. Also, when multiple clients connect to the server before reading, they will all perform a full handshake. 

We could improve the situation with the following changes:
1) Have the server send the NewSessionTicket before it receives the client Finished message as described in section 4.6.1 of the RFC.
2) Have the server send multiple NewSessionTicket messages, and modify the session cache so that the client can hold multiple tickets for the same server.
3) Make sure the client is reading its input record (to check for NewSessionTicket messages) at every opportunity, including when it sends its Finished message.
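To observe the behaviour described above on a given JDK, the following added example (not code from the JDK or from this report) runs a local TLS 1.3 server and compares a client that closes without reading against one that reads before closing. The class name `NstReadDemo`, the throwaway keystore generated with `keytool`, and the use of an equal `SSLSession.getCreationTime()` as the resumption signal are assumptions of the example.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.nio.file.*;
import java.security.KeyStore;

public class NstReadDemo {
    static SSLContext ctx;
    static int port;
    // One client connection: send a byte, optionally read the reply, return the session's creation time.
    static long connect(boolean read) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", port)) {
            s.getOutputStream().write(1);            // first write drives the handshake
            if (read) s.getInputStream().read();     // reading lets JSSE consume the NewSessionTicket
            return s.getSession().getCreationTime();
        } finally { Thread.sleep(50); }              // keep full-handshake creation times distinct
    }
    public static void main(String[] args) throws Exception {
        // Constructed throwaway key material: a self-signed certificate from the JDK's own keytool.
        Path ks = Files.createTempDirectory("nst").resolve("demo.p12");
        String keytool = Paths.get(System.getProperty("java.home"), "bin", "keytool").toString();
        new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo", "-keyalg", "EC",
                "-dname", "CN=localhost", "-storetype", "PKCS12", "-keystore", ks.toString(),
                "-storepass", "changeit").inheritIO().start().waitFor();
        char[] pw = "changeit".toCharArray();
        KeyStore store = KeyStore.getInstance(ks.toFile(), pw);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);                             // the demo certificate is its own trust anchor
        ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0);
        port = server.getLocalPort();
        Thread t = new Thread(() -> {
            while (true) {
                try (SSLSocket c = (SSLSocket) server.accept()) {
                    c.getInputStream().read();       // finishes the handshake, reads the client byte
                    c.getOutputStream().write(2);    // application data, sent after the ticket
                } catch (IOException e) { /* client closed early: expected for the non-reading case */ }
            }
        });
        t.setDaemon(true); t.start();
        // Assumption: a resumed session reports the creation time of the session it resumed.
        long a = connect(false), b = connect(false);
        System.out.println("close without reading, reconnect -> resumed: " + (a == b));
        long c = connect(true), d = connect(true);
        System.out.println("read before closing, reconnect   -> resumed: " + (c == d));
    }
}
```

The result depends on the JDK release it runs on, since the report was resolved in JDK 16.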