8208209: Improve TLS connection stability again

Reviewed-by: xuelei
2025-08-28 23:34:52 +02:00 · 2018-07-30 13:53:30 -04:00 · 2018-07-30 13:53:30 -04:00 · 1c4396ebae
commit 1c4396ebae
parent c29276cc0d
3 changed files with 65 additions and 2 deletions
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
+++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
@ -32,6 +32,7 @@ import java.util.List;
 import java.util.ArrayList;
 import java.util.Locale;
 import java.util.Arrays;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.Collection;
 import javax.crypto.Mac;
@ -170,7 +171,7 @@ final class PreSharedKeyExtension {

        int getIdsEncodedLength() {
            int idEncodedLength = 0;
-            for (PskIdentity curId : identities) {
+            for(PskIdentity curId : identities) {
                idEncodedLength += curId.getEncodedLength();
            }

@ -193,7 +194,7 @@ final class PreSharedKeyExtension {
            byte[] buffer = new byte[encodedLength];
            ByteBuffer m = ByteBuffer.wrap(buffer);
            Record.putInt16(m, idsEncodedLength);
-            for (PskIdentity curId : identities) {
+            for(PskIdentity curId : identities) {
                curId.writeEncoded(m);
            }
            Record.putInt16(m, bindersEncodedLength);
@ -443,6 +444,23 @@ final class PreSharedKeyExtension {
            }
        }

+        // ensure that the endpoint identification algorithm matches the
+        // one in the session
+        String identityAlg = shc.sslConfig.identificationProtocol;
+        if (result && identityAlg != null) {
+            String sessionIdentityAlg = s.getIdentificationProtocol();
+            if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
+                if (SSLLogger.isOn &&
+                    SSLLogger.isOn("ssl,handshake,verbose")) {
+
+                    SSLLogger.finest("Can't resume, endpoint id" +
+                        " algorithm does not match, requested: " +
+                        identityAlg + ", cached: " + sessionIdentityAlg);
+                }
+                result = false;
+            }
+        }
+
        // Ensure cipher suite can be negotiated
        if (result && (!shc.isNegotiable(s.getSuite()) ||
            !clientHello.cipherSuites.contains(s.getSuite()))) {