The stateless session ticket is included in the ClientHello message, either in 
the stateless_ticket extension (pre-TLS1.3), or in the pre_shared_key extension 
(TLS1.3). With the current construction, the ticket is often the largest 
contributor to the ClientHello message size. For example, in HttpClient tests 
we observed a case where a non-resumption ClientHello occupied 360 bytes, and 
the session ticket (pre_shared_key identity) included in a resumption 
ClientHello occupied 1600+ bytes.

ClientHello messages that do not fit in a single packet on the network can 
greatly increase the handshake time on lossy networks. Ideally we would like 
the ClientHello message to always fit in a single packet.

When using QUIC as the underlying protocol, one packet can hold a payload of 
approximately 1100 bytes. Getting the session ticket size below 700 bytes should 
be sufficient to make the ClientHello fit in a single packet.

Things done in this PR to reduce the ticket size in order of importance:

1. Remove local certificates.
2. Compress tickets with a size of 600 bytes or larger.
3. Remove `peerSupportedSignAlgs`.
4. Remove `pskIdentity`.
5. PreSharedKey is only needed by TLSv1.3, masterSecret is only needed by 
pre-TLSv1.3.
6. Remove `statusResponses`.

Tickets with a chain of 2 RSA peer certificates are still above 700 bytes 
(about 1KB), but they are significantly reduced from the prior size of about 3KB.

-------------

Commit messages:
 - Remove Status Responses from the session ticket
 - PreSharedKey is only needed by TLS1.3, masterSecret is only needed by 
pre-TLS1.3
 - Remove pskIdentity from session ticket
 - Fix compressed ticket compression marker bug
 - Do not compress small tickets. Remove peerSupportedSignAlgs.
 - Load local certificates only when present in session ticket
 - Load local certificates
 - GZip new session ticket

Changes: https://git.openjdk.org/jdk/pull/25310/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=25310&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8357033
  Stats: 306 lines in 3 files changed: 92 ins; 110 del; 104 mod
  Patch: https://git.openjdk.org/jdk/pull/25310.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/25310/head:pull/25310

PR: https://git.openjdk.org/jdk/pull/25310
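
The size-threshold compression from item 2, as an added example that is not code from this PR or from the JDK. The one-byte marker values, the 16 KB inflate cap, the class name and the sample inputs are assumptions made for illustration; only the 600-byte threshold and the use of GZip come from the text above, and ticket encryption is left out.

```java
import java.io.*;
import java.util.Arrays;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class TicketCompressionDemo {
    static final int COMPRESS_THRESHOLD = 600;  // from the PR text: compress at 600 bytes or larger
    static final int MAX_INFLATED = 16 * 1024;  // assumed cap on decompressed size
    static final byte RAW = 0, GZIP = 1;        // assumed one-byte marker values

    // Prefix the serialized session state with a marker; gzip only large inputs.
    static byte[] pack(byte[] state) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        boolean compress = state.length >= COMPRESS_THRESHOLD;
        out.write(compress ? GZIP : RAW);
        try (OutputStream body = compress ? new GZIPOutputStream(out) : out) {
            body.write(state);
        }
        return out.toByteArray();
    }

    // Reverse of pack(); rejects unknown markers and output above the cap,
    // so a malformed ticket cannot expand without bound.
    static byte[] unpack(byte[] packed) throws IOException {
        if (packed.length == 0) throw new IOException("empty ticket");
        byte[] body = Arrays.copyOfRange(packed, 1, packed.length);
        if (packed[0] == RAW) return body;
        if (packed[0] != GZIP) throw new IOException("unknown marker");
        try (GZIPInputStream gz = new GZIPInputStream(new ByteArrayInputStream(body))) {
            byte[] state = gz.readNBytes(MAX_INFLATED + 1);
            if (state.length > MAX_INFLATED) throw new IOException("ticket too large");
            return state;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a small state and a repetitive 3000-byte one
        byte[] small = new byte[360];
        byte[] large = new byte[3000];
        for (int i = 0; i < large.length; i++) large[i] = (byte) "CN=example,O=test;".charAt(i % 18);
        for (byte[] s : new byte[][] {small, large}) {
            byte[] p = pack(s);
            System.out.printf("state=%d packed=%d marker=%d roundtrip=%b%n",
                    s.length, p.length, p[0], Arrays.equals(s, unpack(p)));
        }
    }
}
```

The constructed 3000-byte input is highly repetitive, so it shrinks far more than real certificate data, which contains high-entropy keys and signatures.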
