Hi Sergey,
Thanks for starting this discussion. I've opened "8298381: Improve
handling of session tickets for multiple SSLContexts" [1] to track
this issue and submitted a pull request with a potential fix [2].
Let's continue the discussion there if you don't mind :)
Best regards,
Volker
[1] htt
Currently, TLS session tickets introduced by
[JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e.
`SessionTicketExtension$StatelessKey`) are generated in the class
`SessionTicketExtension` and they use a single, global key ID (`currentKeyID`)
for all `SSLContext`s.
This i
On Thu, 8 Dec 2022 18:52:31 GMT, Sergey Bylokhov wrote:
> I have asked some of the next questions already
> [here](https://mail.openjdk.org/pipermail/security-dev/2022-December/033797.html).
> Would like to mention some of them;
>
> * The main question I have: is it safe to assume that the
On Sun, 11 Dec 2022 20:38:16 GMT, Xue-Lei Andrew Fan wrote:
> > The same example with the 1000 connections being opened alternatively on
> > two different contexts will instead create 1000 `StatelessKey` instances:
>
> That's obviously not the expected behaviors. It is a good catch for the
> `
On Sun, 11 Dec 2022 23:52:25 GMT, Sergey Bylokhov wrote:
> > You're right, but that's actually an improvement compared to the initial
> > implementation where cleanup/destroy wasn't synchronized at all :)
> > With regards to the missing synchronization of key usage and key
> > destruction, I th
n:
>
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext
> 2 1000
> 611: 2 64
> sun.security.ssl.SessionTicketExtension$StatelessKey (java.base@20-internal)
>
>
> I've attached the test program to the [JBS
> issue](https://bugs.openjdk.o
On Sun, 11 Dec 2022 20:38:16 GMT, Xue-Lei Andrew Fan wrote:
>> Currently, TLS session tickets introduced by
>> [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e.
>> `SessionTicketExtension$StatelessKey`) are generated in the class
>> `SessionTicketExtension` and they us
On Wed, 21 Dec 2022 00:22:37 GMT, David Schlosnagle wrote:
>> Volker Simonis has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - Some refactoring and simplification. Moved most of the implementation
>>
On Wed, 21 Dec 2022 00:10:08 GMT, David Schlosnagle wrote:
>> Volker Simonis has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - Some refactoring and simplification. Moved most of the implementation
>>
On Wed, 21 Dec 2022 19:34:19 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Optimized initialisation of currentKeyID and deletion of expired session
>>
On Wed, 21 Dec 2022 19:46:57 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Optimized initialisation of currentKeyID and deletion of expired session
>>
On Wed, 21 Dec 2022 20:07:40 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Optimized initialisation of currentKeyID and deletion of expired session
>>
On Wed, 21 Dec 2022 20:11:44 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Optimized initialisation of currentKeyID and deletion of expired session
>>
On Wed, 21 Dec 2022 20:23:25 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Optimized initialisation of currentKeyID and deletion of expired session
>>
On Wed, 21 Dec 2022 22:53:49 GMT, Anthony Scarpino wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Optimized initialisation of currentKeyID and deletion of expired session
>>
On Wed, 21 Dec 2022 22:53:44 GMT, Anthony Scarpino wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java line 80:
>>
>>> 78:
>>> 79: protected SessionTicketExtension.StatelessKey getKey() {
>>> 80: SessionTicketExtension.StatelessKey ssk = serverCache.getKey();
On Sun, 11 Dec 2022 20:38:16 GMT, Xue-Lei Andrew Fan wrote:
>> Currently, TLS session tickets introduced by
>> [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e.
>> `SessionTicketExtension$StatelessKey`) are generated in the class
>> `SessionTicketExtension` and they us
On Thu, 22 Dec 2022 18:59:14 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Moved stateless key logic from SSLContextImpl to SSLSessionContextImpl and
On Thu, 22 Dec 2022 18:54:16 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Moved stateless key logic from SSLContextImpl to SSLSessionContextImpl and
On Thu, 22 Dec 2022 17:15:36 GMT, Anthony Scarpino wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Moved stateless key logic from SSLContextImpl to SSLSessionContextImpl and
>> ad
On Thu, 22 Dec 2022 19:13:21 GMT, Xue-Lei Andrew Fan wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Moved stateless key logic from SSLContextImpl to SSLSessionContextImpl and
On Thu, 22 Dec 2022 14:56:16 GMT, Volker Simonis wrote:
>>> The same example with the 1000 connections being opened alternatively on
>>> two different contexts will instead create 1000 `StatelessKey` instances:
>>
>> That's obviously not the expected beh
On Mon, 2 Jan 2023 03:05:27 GMT, Xue-Lei Andrew Fan wrote:
> Looks good to me. Thanks!
Thanks @XueleiFan!
I've updated the copyright year to 2023 and will wait one or two more days just
in case @ascarpino wants to take one more look as well.
-
PR: https://git.openjdk.org/jdk/pull
On Sat, 7 Jan 2023 08:21:38 GMT, Sergey Bylokhov wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/S
On Sat, 7 Jan 2023 08:26:12 GMT, Sergey Bylokhov wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/S
On Sat, 7 Jan 2023 08:24:42 GMT, Sergey Bylokhov wrote:
>> Volker Simonis has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/S
On Tue, 3 Jan 2023 17:43:43 GMT, Volker Simonis wrote:
>> Looks good to me. Thanks!
>
>> Looks good to me. Thanks!
>
> Thanks @XueleiFan!
>
> I've updated the copyright year to 2023 and will wait one or two more days
> just in case @ascarpino wants t
On Mon, 9 Jan 2023 17:34:06 GMT, Sergey Bylokhov wrote:
> Please clarify that, if the field is updated on one thread under synchronized
> block, why we will read the correct "currentKeyID" here on another thread if
> no synchronization is used in this place?
I only said that if another thread
On Thu, 8 Dec 2022 13:09:11 GMT, Volker Simonis wrote:
> Currently, TLS session tickets introduced by
> [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e.
> `SessionTicketExtension$StatelessKey`) are generated in the class
> `SessionTicketExtension` an
On Mon, 30 Oct 2023 17:26:53 GMT, Yakov Shafranovich wrote:
> The various Zip/Jar-file related Java APIs have some long-standing
> differences or peculiarities with respect to the ZIP-file specification or
> compared to other implementations which should be documented in the API-doc.
> This do
On Mon, 30 Oct 2023 17:26:53 GMT, Yakov Shafranovich wrote:
> The various Zip/Jar-file related Java APIs have some long-standing
> differences or peculiarities with respect to the ZIP-file specification or
> compared to other implementations which should be documented in the API-doc.
> This do
Hi,
What's the status of Project Brisbane? According to [1], the Project
was approved two months ago on April 4th, but until now I can't find it
listed on openjdk.org nor can I find a corresponding mailing list?
Best regards,
Volker
[1] https://mail.openjdk.org/pipermail/announce/2024-April/00035