Thanks for spotting this. I filed
https://bugs.openjdk.java.net/browse/JDK-8236624 to update the docs.
--Sean

On 12/17/19 7:53 AM, ra...@web.de wrote:
> Hi Tony,
>
> thank you for the clarification.
>
> Btw: If I'm not mistaken, the new System properties for stateless session
> resumption are not included in the documentation
> https://docs.oracle.com/en/java/javase/13/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-93DEEE16-0B70-40E5-BBE7-55C3FD432345
> (Table 8-3) so far. If they should be added there at a later time, maybe, your
> clarification for TLS 1.3 could be incorporated there?
>
> Regards,
> Ralph
>
> On 12/16/2019 3:20 PM, Anthony Scarpino wrote:
>>> Dear all,
>>>
>>> in Java 13 the new System properties
>>> jdk.tls.client.enableSessionTicketExtension and
>>> jdk.tls.server.enableSessionTicketExtension were introduced. In TLS 1.2 and
>>> prior these properties support stateful session resumption according to RFC
>>> 5077.
>>>
>>> In TLS 1.3, however, there is no SessionTicketExtension and it isn't clear from
>>> the description [1] what impact jdk.tls.server.enableSessionTicketExtension has
>>> in case of a TLS 1.3 connection.
>>>
>>> Question 1: Does a Java server perform on a TLS 1.3 connection a stateless
>>> resp. stateful session resumption, if
>>> jdk.tls.server.enableSessionTicketExtension is set to true resp. false?
>>
>> Yes
>>
>>> Question 2: Does the content of the NewSessionTicket message in TLS 1.3 depend
>>> on the value of jdk.tls.server.enableSessionTicketExtension?
>>
>> Yes
>>
>> Tony