Re: RFR: 8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions

Daniel Jeliński Thu, 02 Jun 2022 13:17:55 -0700

On Tue, 31 May 2022 13:47:28 GMT, Sean Coffey <coff...@openjdk.org> wrote:


>> Session ticket extension should only contain pre-TLS1.3 stateless session 
>> tickets; it should not be used for sending TLS1.3 pre-shared keys.
>
> src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java line 
> 410:
> 
>> 408:                     || chc.resumingSession.getPskIdentity() == null
>> 409:                     || !Arrays.asList(ProtocolVersion.PROTOCOLS_10_12)
>> 410:                         
>> .contains(chc.resumingSession.getProtocolVersion())) {
> 
> would  `chc.resumingSession.getProtocolVersion().useTLS13PlusSpec()` read 
> better for your last condition ? Might save on Array allocations also ?

good point!

-------------

PR: https://git.openjdk.java.net/jdk/pull/8922

Re: RFR: 8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions

Reply via email to