Hi Tony, thank you for the clarification.
Btw: If I'm not mistaken, the new System properties for stateless session resumption are not included in the documentation https://docs.oracle.com/en/java/javase/13/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-93DEEE16-0B70-40E5-BBE7-55C3FD432345 (Table 8-3) so far. If they should be added there at a later time, maybe, your clarification for TLS 1.3 could be incorporated there? Regards, Ralph On 12/16/2019 3:20 PM, Anthony Scarpino wrote: >> Dear all, >> >> >> in Java 13 the new System properties >> jdk.tls.client.enableSessionTicketExtension and >> jdk.tls.server.enableSessionTicketExtension were introduced. In TLS 1.2 and >> prior these properties support stateful session resumption according to RFC >> 5077. >> >> In TLS 1.3, however, there is no SessionTicketExtension and it isn't clear >> from the description [1] what impact >> jdk.tls.server.enableSessionTicketExtension has in case of a TLS 1.3 >> connection. >> >> Question 1: Does a Java server perform on a TLS 1.3 connection a stateless >> resp. stateful session resumption, if >> jdk.tls.server.enableSessionTicketExtension is set to true resp. false? >Yes >> >> Question 2: Does the content of the NewSessionTicket message in TLS 1.3 >> depend on the value of jdk.tls.server.enableSessionTicketExtension? >Yes >Tony
