archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8277881: Missing SessionID in TLS1.3 resumption in compatibility mode

Browse source 
Reviewed-by: ascarpino
This commit is contained in:
Daniel Jelinski 2021-12-24 00:01:46 +00:00 committed by Anthony Scarpino
parent 4669bcd877
commit 9d99a377bf
3 changed files with 14 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/java.base/share/classes/sun/security/ssl/ClientHello.java
View file

@ -568,15 +568,15 @@ final class ClientHello {
"No new session is allowed and " +
"no existing session can be resumed");
}
if (chc.maximumActiveProtocol.useTLS13PlusSpec() &&
SSLConfiguration.useCompatibilityMode) {
// In compatibility mode, the TLS 1.3 legacy_session_id
// field MUST be non-empty, so a client not offering a
// pre-TLS 1.3 session MUST generate a new 32-byte value.
sessionId =
}
if (sessionId.length() == 0 &&
chc.maximumActiveProtocol.useTLS13PlusSpec() &&
SSLConfiguration.useCompatibilityMode) {
// In compatibility mode, the TLS 1.3 legacy_session_id
// field MUST be non-empty, so a client not offering a
// pre-TLS 1.3 session MUST generate a new 32-byte value.
sessionId =
new SessionId(true, chc.sslContext.getSecureRandom());
}
}
ProtocolVersion minimumVersion = ProtocolVersion.NONE;

2
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java
View file

@ -97,7 +97,7 @@ final class SSLConfiguration implements Cloneable {
static final boolean allowLegacyMasterSecret =
Utilities.getBooleanProperty("jdk.tls.allowLegacyMasterSecret", true);
// Allow full handshake without Extended Master Secret extension.
// Use TLS1.3 middlebox compatibility mode.
static final boolean useCompatibilityMode = Utilities.getBooleanProperty(
"jdk.tls.client.useCompatibilityMode", true);