Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8242008

SSLSession inconsistencies

    XMLWordPrintable

Details

    • b20
    • Verified

    Description

      SSLSessions obtained after an initial connection may return a null value when its getSessionContext() method is called. This appears to happen with both SSLSocket and SSLEngine objects.

      Pulling the SSLSession after a resumption does return a non-null SSLSessionContext object when getSessionContext is called. Setting jdk.tls.server.enableSessionTicketExtension=false also appears to work around the issue.

      A modified version of the original reproducer code has been attached. The original reproducer can be found at:
      https://github.com/normanmaurer/jdk_ssl_session_context_reproducer

      ----

      Also added to this bug not related to netty:
      - An unnecessary add to the session cache for 1.3 w/ state
      - Fix to the stateless session data that can corrupt the SSLSession getPeerHost and getPeerPort

      Attachments

        Issue Links

          Activity

            People

              ascarpino Anthony Scarpino
              jnimeh Jamil Nimeh
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: