JDK-8367059 : DTLS: loss of NewSessionTicket message results in handshake failure
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 13,26
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-09-08
  • Updated: 2025-11-04
  • Resolved: 2025-10-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 26
26 b22Fixed
Related Reports
Relates :  
JDK-8263571 - Final CCS and Finished DTLS messages can't be re-transmitted
Description
Spotted while reviewing https://github.com/openjdk/jdk/pull/27093.

If the NewSessionTicket message is lost, the handshake fails on the client side with:
javax.net.ssl.SSLHandshakeException: (decrypt_error) The Finished message cannot be verified.

To reproduce, add the following run line to the PacketLossRetransmission jtreg test:
@run main/othervm PacketLossRetransmission server 4 new_session_ticket

Workaround: avoid sending the NewSessionTicket message by disabling stateless session resumption
Comments
Changeset: 436dc687 Branch: master Author: Artur Barashev <abarashev@openjdk.org> Date: 2025-10-29 17:25:31 +0000 URL: https://git.openjdk.org/jdk/commit/436dc687ba2ead1662a4e0125cea0966fac825e5
29-10-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/27677 Date: 2025-10-07 15:51:06 +0000
07-10-2025
The problem is that expectingFinishFlight is called too early: https://github.com/openjdk/jdk/blob/bea2b029a77e126171d17c3a44baec6d5cafed4a/src/java.base/share/classes/sun/security/ssl/Finished.java#L419 It should not be called until the NewSessionTicket message is consumed, otherwise the Finished message may be consumed before the NewSessionTicket message. Once this issue is fixed, the next one is JDK-8263571 - the NewSessionTicket message is not retransmitted when it's lost.
08-09-2025