- Bug
- Resolution: Not an Issue
- P3
- None
- 8u161, 9.0.4, 10.0.1, 11
- x86_64
- windows_10
A DESCRIPTION OF THE PROBLEM :
TLS session resumption using the included Sun JSSE provider is not working in at least the following versions:
10.0.1
8u172
8u162
It is working in at least:
9.0.1
8u152
REGRESSION : Last worked in version 8u161
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Enable session caching by modifying the SSLContext via:
SSLSessionContext clientContext = ctx.getClientSessionContext();
clientContext.setSessionCacheSize(1000);
SSLSessionContext serverContext = ctx.getServerSessionContext();
serverContext.setSessionCacheSize(5000);
Use an SSLSocket to access openssl s_server -www ... test server as a client
(or have a server with SSLServerSocket and access via openssl s_client -connect ... -reconnect)
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Expect openssl to report that the session is reused, e.g.:
Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Alternatively, enable -Djavax.net.debug=ssl and expect to see messages like:
%% Client cached [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
%% Try resuming [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] from port 54230
update handshake state: client_hello[1]
9.0.1 and 8u152 show this behavior
ACTUAL -
However, 10.0.1, 8u172, 8u162 show:
%% Client cached [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
update handshake state: client_hello[1]
and correspondingly openssl shows "New" instead of "Reused".
Note that switching to Google Conscrypt JSSE provider correctly shows session reuse.
FREQUENCY : always
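A client-side check for the behaviour reported above, as an added example that is not part of the original report or of the JDK: it makes two TLS 1.2 connections from one SSLContext and compares the session ID and creation time, so reuse can be confirmed without reading the openssl output. The class name ResumptionCheck, the use of SSLContext.getDefault(), and the assumption that the test server's certificate is already trusted (for example through -Djavax.net.ssl.trustStore) are choices made for this example.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical class name): run as
//   java -Djavax.net.debug=ssl ResumptionCheck <host> <port>
public class ResumptionCheck {

    // Complete one handshake and return the negotiated session. Closing the
    // socket cleanly leaves the session in the client-side cache.
    static SSLSession handshake(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // The report's cipher suite is a TLS 1.2 suite; pin the protocol
            // so both connections are compared under the same rules.
            s.setEnabledProtocols(new String[] {"TLSv1.2"});
            s.startHandshake();
            return s.getSession();
        }
    }

    // A resumed TLS 1.2 session carries the same non-empty session ID and the
    // same creation time as the session it was resumed from.
    static boolean resumed(SSLSession first, SSLSession second) {
        return first.getId().length > 0
                && Arrays.equals(first.getId(), second.getId())
                && first.getCreationTime() == second.getCreationTime();
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        // Assumption: the default context is used; the report's "ctx" may differ.
        SSLContext ctx = SSLContext.getDefault();
        SSLSessionContext clientContext = ctx.getClientSessionContext();
        clientContext.setSessionCacheSize(1000); // same setting as in the report

        SSLSession first = handshake(ctx, host, port);
        SSLSession second = handshake(ctx, host, port);

        System.out.println("cipher suite : " + second.getCipherSuite());
        System.out.println("first valid  : " + first.isValid());
        System.out.println(resumed(first, second) ? "Reused" : "New");
    }
}
```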