8234408: Improve TLS session handling

Reviewed-by: ascarpino, jjiang, ahgross, ssahoo, mullan

src/java.base/share/classes/sun/security/ssl/ClientHello.java

@@ -406,7 +406,7 @@ final class ClientHello {
             ProtocolVersion maxProtocolVersion = chc.maximumActiveProtocol;
 
             // session ID of the ClientHello message
-            SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
+            SessionId sessionId = new SessionId(new byte[0]);
 
             // a list of cipher suites sent by the client
             List<CipherSuite> cipherSuites = chc.activeCipherSuites;

src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java

@@ -77,11 +77,6 @@ import javax.net.ssl.SSLSessionContext;
  */
 final class SSLSessionImpl extends ExtendedSSLSession {
 
-    /*
-     * we only really need a single null session
-     */
-    static final SSLSessionImpl         nullSession = new SSLSessionImpl();
-
     /*
      * The state of a single session, as described in section 7.1
      * of the SSLv3 spec.
@@ -153,7 +148,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
      * be used either by a client or by a server, as a connection is
      * first opened and before handshaking begins.
      */
-    private SSLSessionImpl() {
+    SSLSessionImpl() {
         this.protocolVersion = ProtocolVersion.NONE;
         this.cipherSuite = CipherSuite.C_NULL;
         this.sessionId = new SessionId(false, null);
@@ -1222,15 +1217,6 @@ final class SSLSessionImpl extends ExtendedSSLSession {
     public void invalidate() {
         sessionLock.lock();
         try {
-            //
-            // Can't invalidate the NULL session -- this would be
-            // attempted when we get a handshaking error on a brand
-            // new connection, with no "real" session yet.
-            //
-            if (this == nullSession) {
-                return;
-            }
-
             if (context != null) {
                 context.remove(sessionId);
                 context = null;

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java

@@ -360,7 +360,7 @@ public final class SSLSocketImpl
                 SSLLogger.severe("handshake failed", ioe);
             }
 
-            return SSLSessionImpl.nullSession;
+            return new SSLSessionImpl();
         }
 
         return conContext.conSession;

src/java.base/share/classes/sun/security/ssl/TransportContext.java

@@ -130,7 +130,7 @@ final class TransportContext implements ConnectionContext {
         this.isUnsureMode = isUnsureMode;
 
         // initial security parameters
-        this.conSession = SSLSessionImpl.nullSession;
+        this.conSession = new SSLSessionImpl();
         this.protocolVersion = this.sslConfig.maximumProtocolVersion;
         this.clientVerifyData = emptyByteArray;
         this.serverVerifyData = emptyByteArray;