JDK-8333581 : Multiple NewSessionTicket support for TLS
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P2
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 17-pool,21-pool,23-pool,24
  • Submitted: 2024-06-04
  • Updated: 2024-08-23
  • Resolved: 2024-08-23
Description
Summary
-------
Improve TLS 1.3 session resumption by allowing a TLS server to send more than one resumption ticket per connection.

Problem
-------
Resumption is a quick way to establish a new TLS session from an existing one, avoiding the long full-handshake process. In TLS 1.2 and below, clients can repeatedly resume a session by using the session ID from an established connection. In TLS 1.3, the server sends a one-time "resumption ticket" after the TLS connection has been established. The server may send multiple resumption tickets to help clients that resume connections rapidly. If the client does not have another resumption ticket, it must go through the full TLS handshake again.

The number of resumption tickets should be configurable by the application developer or administrator. [RFC 8446][1] allows multiple tickets but does not specify a default value. Since TLS 1.3 was implemented in the JDK, one resumption ticket has been sent per handshake.

TLS 1.2 only supports one resumption ticket according to [RFC 5077][3] and must be handled slightly differently.

Solution
--------

Creating a system property called `jdk.tls.server.newSessionTicketCount` allows the user to change the number of resumption tickets sent by the server. If this property is not set or is given an invalid value, the default value of 1 is used. Valid property values are between 0 and 10. Because of the [RFC 5077][3] differences, TLS 1.2 will always send one resumption ticket unless the property is set to zero.

Configuring the TLS server to send more than one resumption ticket is a small part of a larger change which allows TLS clients to store more than one resumption ticket.
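As an added illustration (not code from the CSR, the pull request, or the JDK's own `SSLConfiguration`), the hypothetical helper below models the property semantics described above so an operator can check what a server will do for a given setting: an unset, non-numeric or out-of-range value falls back to the default of 1, TLS 1.3 sends the configured count, and TLS 1.2 sends at most one ticket (none when the property is 0). The class name, method names and the sample values are assumptions.

```java
import java.util.Arrays;

/**
 * Hypothetical model of the jdk.tls.server.newSessionTicketCount semantics
 * described in the CSR. This is NOT the JDK implementation; it only mirrors
 * the documented rules so they can be checked for a given property value.
 */
public final class NewSessionTicketPolicy {

    static final String PROPERTY = "jdk.tls.server.newSessionTicketCount";
    static final int DEFAULT_COUNT = 1;
    static final int MIN_COUNT = 0;
    static final int MAX_COUNT = 10;

    /**
     * Resolves the raw property value. Unset, non-numeric and out-of-range
     * values all fall back to the default of 1, as the CSR specifies.
     */
    static int configuredCount(String raw) {
        if (raw == null) {
            return DEFAULT_COUNT;
        }
        try {
            int n = Integer.parseInt(raw.trim());
            return (n >= MIN_COUNT && n <= MAX_COUNT) ? n : DEFAULT_COUNT;
        } catch (NumberFormatException e) {
            return DEFAULT_COUNT;   // e.g. "abc" -> default
        }
    }

    /**
     * Number of NewSessionTicket messages a server would send after the
     * handshake for the given negotiated protocol and raw property value.
     */
    static int ticketsFor(String protocol, String raw) {
        int n = configuredCount(raw);
        if ("TLSv1.3".equals(protocol)) {
            return n;                       // RFC 8446: any count 0..10
        }
        // TLS 1.2 (RFC 5077): a single ticket, or none when the property is 0.
        return n == 0 ? 0 : 1;
    }

    public static void main(String[] args) {
        // Constructed sample property values covering the edge cases.
        String[] samples = {null, "3", "0", "10", "11", "-1", "abc"};
        for (String s : samples) {
            System.out.printf("%-5s -> TLSv1.3: %d ticket(s), TLSv1.2: %d ticket(s)%n",
                    s, ticketsFor("TLSv1.3", s), ticketsFor("TLSv1.2", s));
        }
        // What the running JVM is configured to do, e.g. when started with
        //   java -Djdk.tls.server.newSessionTicketCount=3 NewSessionTicketPolicy
        String live = System.getProperty(PROPERTY);
        System.out.println("This JVM (" + PROPERTY + "=" + live + "): "
                + ticketsFor("TLSv1.3", live) + " ticket(s) per TLS 1.3 connection");
        System.out.println("Valid range: " + Arrays.asList(MIN_COUNT, MAX_COUNT));
    }
}
```

Like the other `jdk.tls.*` server properties, this one is best supplied on the command line (`-Djdk.tls.server.newSessionTicketCount=3`) or set before the first `SSLContext` is created, since JSSE reads its configuration when the implementation initializes; changing the property afterwards is not expected to take effect.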


Specification
-------------

The change is only in code and will be documented in the JSSE Guide.  There is no javadoc for this change as it is a TLS configuration beyond the Java API.

At the end of the [Resuming Session Without Server-Side State][2] section in the JSSE Guide, the following would be a proposed addition:

    The server sends one session ticket by default.  The system property
    `jdk.tls.server.newSessionTicketCount` will set the number of tickets
    sent per TLS 1.3 connection, ranging from 0 to 10.  TLS 1.2 does not
    support more than one session ticket, but will send no tickets if the
    property is set to zero.

To view the code change see src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java at https://github.com/openjdk/jdk/pull/19465/files/

  [1]: https://www.rfc-editor.org/rfc/rfc8446 "RFC 8446"
  [2]: https://docs.oracle.com/en/java/javase/22/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-64D7EAF6-D2EE-4719-8616-25E2829CF810 "Resuming Session Without Server-Side State"
  [3]: https://www.rfc-editor.org/rfc/rfc5077 "RFC 5077"
Comments
Moving to Approved.
23-08-2024

Updated
22-07-2024

I think the scope should be "JDK" since this is a supported system property.
22-07-2024

Moving to Provisional, not Approved. Please include a diff of proposed doc update before the CSR is Finalized.
20-07-2024

As mentioned in the code review, 0 is added to send no NST.
19-06-2024

> Valid values are between 0 and 10. Should be [1, 10]?
19-06-2024