Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8209953

Improve NewSessionTicket handling in TLS 1.3

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Duplicate
    • P2
    • 16
    • None
    • security-libs
    • None

    Description

      Clients must read from the server after connecting in order for the TLS implementation to receive the NewSessionTicket that can be used to resume the session. That means that clients that don't read will not be able to resume and must perform a full handshake each time. Also, when multiple clients connect to the server before reading, they will all perform a full handshake.

      We could improve the situation with the following changes:
      1) Have the server send the NewSessionTicket before it receives the client Finished message as described in section 4.6.1 of the RFC.
      2) Have the server send multiple NewSessionTicket messages, and modify the session cache so that the client can hold multiple tickets for the same server.
      3) Make sure the client is reading it's input record (to check for NewSessionTicket messages) at every opportunity, including when it sends its Finished message.

      Attachments

        Issue Links

          Activity

            People

              xuelei Xuelei Fan
              apetcher Adam Petcher (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: