On Wed, 24 Sep 2025 15:36:47 GMT, Artur Barashev <[email protected]> wrote:
>> Please review this trivial patch that fixes stateless session resumption >> with JCE providers that require extra space for AES/GCM decryption. >> >> I modified the existing FipsModeTLS12 test to additionally verify that >> session resumption works. The TLS 1.3 test resumes the session using a >> stateless ticket; the TLS 1.2 test uses stateful sessions, because stateless >> ticket creation fails for other reasons. >> >> Tier1-3 tests continue to pass. > > test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java line 35: > >> 33: * @run main/othervm/timeout=120 -Djdk.tls.client.protocols=TLSv1.2 >> 34: * -Djdk.tls.useExtendedMasterSecret=false >> 35: * -Djdk.tls.client.enableSessionTicketExtension=false FipsModeTLS12 > > Why do we need to set `jdk.tls.client.enableSessionTicketExtension` to false? because with TLS 1.2, the server can't produce a stateless ticket; it fails when trying to extract the master secret. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27463#discussion_r2376293874
