On Wed, 14 May 2025 21:42:06 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 329:
>> 
>>> 327:      */
>>> 328: 
>>> 329:     SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
>> 
>> This constructor is used for session resumption using deserialized stateless 
>> session tickets. AFAICT the resumed session uses a new set of exporter 
>> secrets (exporterMasterSecret is overwritten during processing of the 
>> Finished message, not sure about the randoms). Does it make any sense to 
>> store the original exporter secrets in the stateless ticket?
>
> Good catch, I am 99% convinced neither is needed.  I'll be removing these 
> changes.
> 
> For TLS 1.3, the exporter is recalculated at the end of the handshake for the 
> new session.
> 
> For 1-1.2, the Session is indeed pulled from the serialized form, but the new 
> session's Hello Random values are used with the existing MasterSecret to load 
> the `TlsKeyMaterialParameterSpec` and obtain all of the keying material.

Update, will push soon.

Had to move the random capture locations, as they need to capture the new 
client/server randoms instead of when the PMS is calculated.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2089922075
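
The TLS 1.0-1.2 point in the thread, as an added example that is not code from the JDK or from this PR: an RFC 5705 exporter computed with the TLS 1.2 PRF, showing that a resumed session reusing the same master secret still yields different exported keying material because the Hello randoms differ. The master secret, randoms and label are constructed sample values, and the SHA-256 PRF is an assumption (the cipher suite determines the PRF hash).

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.HexFormat;

public class Tls12ExporterDemo {

    // P_SHA256 (RFC 5246, section 5): A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    // output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    static byte[] pHash(byte[] secret, byte[] seed, int len) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] out = new byte[len];
        byte[] a = seed;
        for (int off = 0; off < len; ) {
            a = mac.doFinal(a);               // A(i); doFinal resets the Mac for reuse
            mac.update(a);
            byte[] block = mac.doFinal(seed); // HMAC(secret, A(i) + seed)
            int n = Math.min(block.length, len - off);
            System.arraycopy(block, 0, out, off, n);
            off += n;
        }
        return out;
    }

    // RFC 5705, section 4, without a context value:
    // PRF(master_secret, label, client_random + server_random)[length]
    static byte[] export(byte[] master, String label, byte[] clientRandom,
                         byte[] serverRandom, int len) throws GeneralSecurityException {
        byte[] l = label.getBytes(StandardCharsets.US_ASCII);
        byte[] seed = ByteBuffer.allocate(l.length + clientRandom.length + serverRandom.length)
                .put(l).put(clientRandom).put(serverRandom).array();
        return pHash(master, seed, len);
    }

    static byte[] filled(int len, int value) {
        byte[] b = new byte[len];
        Arrays.fill(b, (byte) value);
        return b;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] master = filled(48, 0x11);        // constructed; carried in the session/ticket
        String label = "EXPORTER-example-label"; // hypothetical label
        byte[] original = export(master, label, filled(32, 0xA1), filled(32, 0xB1), 32);
        byte[] resumed = export(master, label, filled(32, 0xA2), filled(32, 0xB2), 32);
        System.out.println("original handshake: " + HexFormat.of().formatHex(original));
        System.out.println("resumed handshake:  " + HexFormat.of().formatHex(resumed));
        System.out.println("same EKM: " + Arrays.equals(original, resumed));
    }
}
```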
