On Tue, 20 May 2025 17:14:06 GMT, Artur Barashev <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 324:
>>
>>> 322: b = Record.getBytes8(buf);
>>> 323: if (b.length > 0) {
>>> 324: String alg = new String(b);
>>
>> Please remove the algorithm names from the session ticket. They were not
>> used, and I don't see any reason to start using them now.
>
> Hm.. they are being specified everywhere else in SSL code. So I guess we
> should pass an empty string to `SecretKeySpec` constructor then?
Before this PR we used a hardcoded algorithm name "TlsMasterSecret" for both
the PSK and the master secret. I think we can keep it.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25310#discussion_r2098676859
