On Thu, 2 Jun 2022 21:02:16 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> Session ticket extension should only contain pre-TLS1.3 stateless session >> tickets; it should not be used for sending TLS1.3 pre-shared keys. > > Daniel Jeliński has updated the pull request incrementally with one > additional commit since the last revision: > > different check for TLS13 The bug and the PR could have used a lot more description that the issue here is that 1.2 and 1.3 are enabled at the same time. such as via `setEnabledProtocols()`. At first I thought this bug was incorrect because 1.3 does not display a session_ticket extension as it is only supported in the code by 1.0-1.2. But with both enabled, it causes all the extensions to be enabled. After thinking about it, this maybe the better way to fix this as the it a heterogeneous server environment, only sending 1.3 extension from the resumed TLS protocol may cause errors when talking to 1.2 server. So both extensions need to be enabled globally, but since we are resuming 1.3 state, the same state does not to be passed in a 1.2 connection. It should do a full handshake. One could ask the reverse, if the resumption is from 1.2 should we be sending a 1.3 pre_shared_key extension.. But that can be for another bug I suppose. ------------- PR: https://git.openjdk.java.net/jdk/pull/8922
