JDK-8229149 : SSLSession.getId() always returns the TLS record session id
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 13,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Duplicate
  • Submitted: 2019-08-05
  • Updated: 2021-02-03
  • Resolved: 2021-02-03
Related Reports
Duplicate :  
Relates :  
Description
SSLSession.getID() will return the current TLS record session id when using stateless resumption.  For TLS 1.2 using stateless, this maybe more of an issue as resumption has always used the previous session ID. However, if the client resumes with the previous session ID, the server reply with that ID.  This may change to be consistent a future release.