> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01

ClientHello.java
----------------
1086  public void consume(ConnectionContext context,
1087         HandshakeMessage message) throws IOException {

1134  private void goServerHello(ServerHandshakeContext shc,
1135         ClientHelloMessage clientHello) throws IOException {

In the TLS 1.3 consumer of the ClientHello, the session resumption is not considered and the related variables (HandshakeContext.isResumption and HandshakeContext.resumingSession) are not initialized. There is chance to set them in the pre_shared_key extension actors. But it is too later as other extensions and connection parameters may also need to check the variables for session resumption before calling the last pre_shared_key extension actors. Missing those checks may result in various unexpected issues.

I will take care of this issue in the next one day or two.

Xuelei


On 6/3/2018 9:43 PM, Xuelei Fan wrote:
Hi,

Here it the 2nd full webrev:
   http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01

and the delta update to the 1st webrev:
   http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.00/

Xuelei

On 5/25/2018 4:45 PM, Xuelei Fan wrote:
Hi,

I'd like to invite you to review the TLS 1.3 implementation.  I appreciate it if I could have compatibility and specification feedback before May 31, 2018, and implementation feedback before June 7, 2018.

Here is the webrev:
     http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00

The formal TLS 1.3 specification is not finalized yet, although it had been approved to be a standard.  The implementation is based on the draft version 28:
     https://tools.ietf.org/html/draft-ietf-tls-tls13-28

For the overall description of this enhancement, please refer to JEP 332:
     http://openjdk.java.net/jeps/332

For the compatibility and specification update, please refer to CSR 8202625:
     https://bugs.openjdk.java.net/browse/JDK-8202625

Note that we are using the sandbox for the development right now.  For more information, please refer to Bradford's previous email:

http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html

Thanks & Regards,
Xuelei

Reply via email to