Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8211018

Session Resumption without Server-Side State

    XMLWordPrintable

Details

    • Enhancement
    • Status: Resolved
    • P3
    • Resolution: Fixed
    • None
    • 13
    • security-libs

    Backports

      Description

        The server stateless session resumption specification is defined in RFC 5077 for TLS 1.2 and before, by making use of the SessionTicket extension. This extension has been widely supported by the major TLS vendors, like OpenSSL, GnuTLS, NSS, and Microsoft, and browsers like Firefox and Google Chrome.

        TLS 1.3 RFC includes new stateless resumption

        Session cache management is becoming a performance and scalability bottleneck.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8226086 Session Resumption without Server-Side State

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8223922 Session Resumption without Server-Side State

            • P3 - Major loss of function.
            • Closed
            duplicates

            Enhancement - null JDK-8134497 Add TLS support for RFC 5077 Session Ticket

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8211017 Support TLS 1.3 session resumption without server-side state

            • P3 - Major loss of function.
            • Resolved
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8280158 New test from JDK-8274736 failed with/without patch in JDK11u

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8298381 Improve handling of session tickets for multiple SSLContexts

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8236624 Document the jdk.tls.client.enableSessionTicketExtension, jdk.tls.server.enableSessionTicketExtension and jdk.tls.server.sessionTicketTimeout system properties

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8226244 Load balance requests across servers

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8225678 sun/security/pkcs11/tls/tls12/FipsModeTLS12.java fails due to SSLProtocolException

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8229148 SSLSession.invalidate() should not be implicitly required

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8229149 SSLSession.getId() always returns the TLS record session id

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8228396 Re-enable Stateless Resumption On by default for merge to mainline

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8227551 Session Resumption without Server-Side State off by default

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8226649 NullPointerException (boundValues) in SSLSessionImpl methods since JDK-8211018

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8277307 Pre shared key sent under both session_ticket and pre_shared_key extensions

            • P3 - Major loss of function.
            • Closed

            CSR - null JDK-8227530 Session Resumption without Server-Side State off by default

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                ascarpino Anthony Scarpino
                xuelei Xuelei Fan
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: