On Wed, 14 May 2025 04:03:44 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
>> respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
>> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
>> jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Merged with changes for JDK-8353578
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 329:
> 327: */
> 328:
> 329: SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws
> IOException {
this constructor is used for session resumption using deserialized stateless
session tickets. AFAICT the resumed session uses a new set of exporter secrets
(exporterMasterSecret is overwritten during processing of the Finished message,
not sure about the randoms). Does it make any sense to store the original
exporter secrets in the stateless ticket?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2089580932
