8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session

Reviewed-by: djelinski, wetmore
Jaikiran Pai 2023-09-29 05:00:02 +00:00
parent 355811a996
commit 0259da9283
2 changed files with 253 additions and 1 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,6 +42,7 @@ import javax.net.ssl.StandardConstants;
import static sun.security.ssl.SSLExtension.CH_SERVER_NAME;
import static sun.security.ssl.SSLExtension.EE_SERVER_NAME;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import static sun.security.ssl.SSLExtension.SH_PRE_SHARED_KEY;
import static sun.security.ssl.SSLExtension.SH_SERVER_NAME;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
@ -342,6 +343,10 @@ final class ServerNameExtension {
sni, shc.resumingSession.serverNameIndication)) {
shc.isResumption = false;
shc.resumingSession = null;
// this server is disallowing this session resumption,
// so don't include the pre-shared key in the
// ServerHello handshake message
shc.handshakeExtensions.remove(SH_PRE_SHARED_KEY);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"abort session resumption, " +