  1. JDK
  2. JDK-8239925

TLS 1.3 session uses up 2 entries in SSL session cache


      A DESCRIPTION OF THE PROBLEM :
      When a new client connects to a Java server using TLS 1.3, 2 entries are created in SSL session cache; as a result the default session cache can only cache sessions for half the clients.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Start a TLS 1.3 server; connect to that server using any TLS 1.3 client; count entries in SSL session cache

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Expected to find one entry in session cache
      ACTUAL -
      Found 2 entries in session cache

      ---------- BEGIN SOURCE ----------
      package com.company;

      import javax.net.ssl.*;
      import java.io.ByteArrayInputStream;
      import java.io.OutputStream;
      import java.nio.charset.StandardCharsets;
      import java.security.KeyStore;
      import java.util.Base64;
      import java.util.Enumeration;

      /**
       * Stand-alone TLS server that prints the number of entries in the server-side
       * SSL session cache after each accepted connection.
       *
       * <p>It listens on port 8443, sends one line naming the running Java version to
       * every client, and then reports how many session IDs
       * {@link SSLSessionContext#getIds()} enumerates. The context is created with the
       * generic {@code "TLS"} name, so the protocol version actually negotiated depends
       * on the JDK defaults and on the client.
       */
      public class MinimalServer {
          // Base64 of a PKCS#12 keystore (named as self-signed by the author). Together
          // with the empty password below it is reproducer material only: a private key
          // published in a listing like this one offers no confidentiality and should
          // not be reused outside of testing.
          private static String SelfSignedP12 =
                  "MIIEVwIBAzCCBBAGCSqGSIb3DQEHAaCCBAEEggP9MIID+TCCAQUGCSqGSIb3DQEHAaCB9wSB9DCB8TCB" +
                  "7gYLKoZIhvcNAQwKAQKggYgwgYUwKQYKKoZIhvcNAQwBAzAbBBTs1k2eXy198HtbbK7Hlxl2KO8FJQID" +
                  "AMNQBFhc3G89/a31MBNYtgAeNUWw/8QMBE7O0HAdYiaWZEF5Iuq+7nH0RdQjiG58rGH+x2bT6aUaIv5s" +
                  "GqCwzz8pUI2usBtjUsz2/EOWVEM1a7YPNs/aiktQprTsMVQwLwYJKoZIhvcNAQkUMSIeIAB0AGUAcwB0" +
                  "ACAAYwBlAHIAdABpAGYAaQBjAGEAdABlMCEGCSqGSIb3DQEJFTEUBBJUaW1lIDE1MzAyNzYwMDIxMTUw" +
                  "ggLsBgkqhkiG9w0BBwagggLdMIIC2QIBADCCAtIGCSqGSIb3DQEHATApBgoqhkiG9w0BDAEGMBsEFGop" +
                  "U5AyxcnCeLd9CRH64BbhM3K6AgMAw1CAggKY5YOXqPL3v1n6Q7m6XXK32ifjdyD+P7mR5roL6IRqb5sn" +
                  "iwlCUEoPaKYnWb9zGqISjVV+sTMRV1AV6NVl0MaGqZooYbqNuLdOLQRBX8s2kkRQpnlLJbXwAtGReN/v" +
                  "sQkfmSWQH1vkpNRD6lBL10wbVa3FXLTwXiyWSNHooKZuqiA3YYRLPKcSKvGePDbH96Lv2xn8tXX8R4DS" +
                  "AXMF5+p7e1YxfnrI0j/2EvZ1iy5S5aNuuHVQLdkhzBQ/xepYNhQ6B9PR3wTLNaAN0y5DpMwBwtRaEE5x" +
                  "sya8BxoKylppudksck1VSYDJ8uL9YRFce2Jpcu49rChnxJbtsZNrXdOJ4I9gAyeEzCcwpFnFlFtNzlk0" +
                  "kq5HPI7aFJuRZAIeQZdexdAIuX/I99hbCTgoILPLBbdnZpD0FMf4QiO7zax+PB8jilzmGZNprdjXTrgB" +
                  "gDY1lKNOD9csdSYf7OZtIqtL/ItXRS8+vwkXsVBy+cHV4Lm5F6WcHbuCijHgO9I/i11/dLMgWnec5s9f" +
                  "JgobI7LtHyWVUMuQHpICeeXaTRdjvnS0SpDZ4hhnJazyvnOp/XcLqDuGhabftINHPo3WqGMziLDQJ/bm" +
                  "RlekI51RSTElGx3iNkmcvTeFZkpmtRTBBRRNabcEwxY7QdQ+BBYoDZj6PQEhQlgHvOzeHxUO0MoQMnOY" +
                  "OzvsVrdOLuPdePwulzdBZPT0/TKaQurW6mYVn0P6NC30lFn62cX7hNo4IgkiK9QEkGZAGpRQ+colTseO" +
                  "OaarAMiy96Mqyhr75KmVkHthoJRx1uom+41YoxRo84giZCtaQ14pXED6ZsbSh2ermNPPvzZj2A71d5w/" +
                  "VGlKupkumgwCqAcpZoJlilp3MWIuVrPKcPQJRL229jA+MCEwCQYFKw4DAhoFAAQUAjR++XKs2CpyQnWd" +
                  "JbAC0TdIj6wEFK8VOoYBedkzXBQQn9F2nA/lQrJhAgMBhqA=";

          // Password for both the keystore and its key entry (empty).
          private static String SelfSignedPW = "";

          /**
           * Builds the TLS context from the embedded keystore, caps the server session
           * cache at five entries and serves connections forever.
           *
           * @param args unused
           * @throws Exception if the keystore, the TLS context or the listening socket
           *                   cannot be set up; per-connection failures are only printed
           */
          public static void main(String[] args) throws Exception {
              KeyStore identityStore = KeyStore.getInstance("PKCS12");
              byte[] p12Bytes = Base64.getDecoder().decode(SelfSignedP12);
              identityStore.load(new ByteArrayInputStream(p12Bytes), SelfSignedPW.toCharArray());

              SSLContext tls = SSLContext.getInstance("TLS");

              String kmfAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
              KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmfAlgorithm);
              kmf.init(identityStore, SelfSignedPW.toCharArray());
              // null trust managers / SecureRandom: fall back to the provider defaults.
              tls.init(kmf.getKeyManagers(), null, null);

              // A deliberately tiny cache makes the per-connection entry count easy to see.
              SSLSessionContext serverContext = tls.getServerSessionContext();
              serverContext.setSessionCacheSize(5);

              SSLServerSocket listener =
                      (SSLServerSocket) tls.getServerSocketFactory().createServerSocket(8443);
              for (;;) {

                  System.out.println("Wait for connection...");

                  try (SSLSocket peer = (SSLSocket) listener.accept();
                       OutputStream toPeer = peer.getOutputStream()) {
                      System.out.println("Connection from " + peer.getRemoteSocketAddress());
                      String banner = "I am Java version: " + System.getProperty("java.version") + "\n";
                      toPeer.write(banner.getBytes(StandardCharsets.UTF_8));
                      toPeer.flush();
                      System.out.println("Closing connection...");
                      // Counted inside the try block, i.e. before the socket is closed.
                      int cached = countEnumeration(serverContext.getIds());
                      System.out.println("Current cache size: " + cached);
                  } catch (Exception e) {
                      // Keep serving: a failed connection is reported and the loop continues.
                      e.printStackTrace();
                  }
              }
          }

          /**
           * Counts the elements remaining in an enumeration by draining it.
           *
           * @param ids enumeration to consume; it is exhausted when this method returns
           * @return number of elements that were still available
           */
          private static int countEnumeration(Enumeration<byte[]> ids) {
              int seen = 0;
              for (; ids.hasMoreElements(); seen++) {
                  ids.nextElement();
              }
              return seen;
          }
      }
      ---------- END SOURCE ----------

      FREQUENCY : always


            xuelei Xuelei Fan
            webbuggrp Webbug Group