Bug ID: JDK-8217408 Reduce storage of duplicate identifiers in TLS vectors in SunJSSE

Type: Bug
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: 7u211,8u201,11.0.2,25

Priority: P4
Status: In Progress
Resolution: Unresolved

Submitted: 2019-01-19
Updated: 2025-05-16

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other
tbdUnresolved

SunJSSE consumers often parse handshake messages and extensions via consumers into spec objects.  These spec objects are sometimes attached to the handshake context and held at least through the handshake and possibly are passed onto child session contexts.  This includes vectors that contain duplicate identifier values currently not filtered out.  This can result in increased memory consumption.  It can also force increased processing time if those vectors need to be walked or have their values converted to enumeration members by their ID value.

Consumers parsing vectors should filter out duplicate IDs before storing them in spec objects or otherwise attaching them to the handshake context.

Producer filtration of duplicate identifiers is out of the scope for this bug.

Changing the focus of this bug from the original intent (filtration of duplicate values in SSLEngine/SSLSocket.setEnabledCipherSuites()) to reduction of memory consumption via consumers. This is labeled as noreg-hard because it is difficult to assess the memory consumption of the internal SunJSSE handshake context and its associated fields in jtreg (though it can be easily seen via a debugger).

21-06-2021