On Sat, 17 May 2025 00:03:10 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
>> respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
>> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
>> jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Updated copyright dates.
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1623:
> 1621: } finally {
> 1622: KeyUtil.destroySecretKeys(derivedSecret);
> 1623: }
The `derivedSecret` is destroyed and cleared. How about `exporterMasterSecret`?
Shall we also destroy it perhaps when the session is invalidated or closed?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2095944384
