On Sun, 11 Dec 2022 23:52:25 GMT, Sergey Bylokhov <s...@openjdk.org> wrote:

> > You're right, but that's actually an improvement compared to the initial
> > implementation where cleanup/destroy wasn't synchronized at all :)
> > With regards to the missing synchronization of key usage and key
> > destruction, I think this patch doesn't change the existing behavior
> > because it wasn't synchronized before either.
>
> I think behavior is changed, since the synchronization problem was hidden by
> generation of many keys. And if we start to use one key by many threads, we
> will need to carefully sync it, but if we just add synchronization per ssl
> context we will make encode/decode methods single threaded per ssl context,
> which is unfortunate.

Not sure what you mean? Do you refer to the `SessionTicketSpec`'s `encrypt()`/`decrypt()` methods? What do you mean by "*we make them single threaded per ssl context*"?

`encrypt()` will call `getCurrentKey()` which isn't synchronized. Only once an hour or so, when the current key has expired, `getCurrentKey()` will call `getNextKey()` which is synchronized on the ssl context. `decrypt()` only calls `getKey()` which is never synchronized. I can't see a problem here.

-------------

PR: https://git.openjdk.org/jdk/pull/11590