JDK-8227105 : Release Note: Session Resumption without Server-Side State in JSSE
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 13
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2019-07-02
  • Updated: 2020-04-27
  • Resolved: 2019-08-22
JDK 13: 13 (Resolved)
Description
This feature allows the server side of JSSE to operate statelessly. As described in RFC 5077[1] for TLS 1.2 and below, and RFC 8446[2] for TLS 1.3, the TLS server sends internal session information, in the form of an encrypted session ticket, to a client that supports stateless session resumption. The client presents that session ticket to the server during the TLS handshake to resume the session. This should improve the performance and memory usage of the TLS server under large workloads, as the session cache will seldom be used. With less session information cached, some session information may not be available. This feature is not enabled by default and can be turned on by setting two properties.

Note that invalidated stateless TLS sessions could be resumed in the current implementation. The behavior is not guaranteed to be the same in future releases and updates (see bugid JDK-8229148).

Note that in the current implementation, the return value of `SSLSession.getID()` is not persistent across resumption for TLS 1.3 and stateless TLS 1.2 connections. This could be an issue if applications rely on the session identifier values. This may change to be consistent in a future release (see bugid JDK-8229149).

Two new System properties are added in support of this feature:
`jdk.tls.client.enableSessionTicketExtension` is used on the client side to toggle the Session Ticket Extension in the ClientHello message for TLS 1.2. Property value: "`true`" sends the extension, "`false`" does not (default).

`jdk.tls.server.enableSessionTicketExtension` enables a server to use stateless session tickets if the client supports them. Clients that do not support stateless session tickets will use the cache. Property value: "`true`" enables stateless operation, "`false`" does not (default).
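The following loopback harness is an added example, not code from the JDK or from this release note. It sets both properties and prints the session identifier for two consecutive TLS 1.2 connections, so you can check on your own JDK whether application code that keys on the session ID would be affected. The class name, the keystore path and the password arguments are assumptions.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import javax.net.ssl.*;

// Constructed demo. Assumes a PKCS12 keystore holding a self-signed key, e.g. created with:
//   keytool -genkeypair -alias demo -keyalg RSA -dname CN=localhost -storetype PKCS12 -keystore demo.p12 -storepass changeit
public class StatelessResumeDemo {
    public static void main(String[] args) throws Exception {
        // Set both properties before any JSSE class is initialized.
        System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true");
        System.setProperty("jdk.tls.client.enableSessionTicketExtension", "true");

        char[] pw = args[1].toCharArray();            // args[0] = keystore path, args[1] = password
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                                 // the same store doubles as the trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0);
        Thread srv = new Thread(() -> {               // echo one byte per connection, twice
            for (int i = 0; i < 2; i++) {
                try (SSLSocket s = (SSLSocket) ss.accept()) {
                    s.getOutputStream().write(s.getInputStream().read());
                } catch (Exception e) { e.printStackTrace(); }
            }
        });
        srv.setDaemon(true);
        srv.start();

        for (int i = 1; i <= 2; i++) {
            try (SSLSocket c = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", ss.getLocalPort())) {
                c.setEnabledProtocols(new String[] {"TLSv1.2"});
                c.getOutputStream().write('x');       // first write triggers the handshake
                c.getInputStream().read();
                SSLSession sess = c.getSession();
                // Per the note above, do not rely on the ID being stable across resumption.
                System.out.printf("conn %d: %s id=%s created=%d%n", i, sess.getProtocol(),
                        new BigInteger(1, sess.getId()).toString(16), sess.getCreationTime());
            }
        }
        srv.join();
        ss.close();
    }
}
```

Run it once with the two properties set to "`false`" and once with "`true`" to compare the printed identifiers under cached and stateless resumption.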

[1]: https://tools.ietf.org/html/rfc5077 
[2]: https://tools.ietf.org/html/rfc8446