> The stateless session ticket is included in the ClientHello message, either 
> in the stateless_ticket extension (pre-TLS1.3), or in the pre_shared_key 
> extension (TLS1.3). With the current construction, the ticket is often the 
> largest contributor to the ClientHello message size. For example, in 
> HttpClient tests we observed a case where a non-resumption ClientHello 
> occupied 360 bytes, and the session ticket (pre_shared_key identity) included 
> in a resumption ClientHello occupied 1600+ bytes.
> 
> ClientHello messages that do not fit in a single packet on the network can 
> greatly increase the handshake time on lossy networks. Ideally we would like 
> the ClientHello message to always fit in a single packet.
> 
> When using QUIC as the underlying protocol, one packet can hold a payload of 
> approximately 1100 bytes. Getting the session ticket size below 700 bytes should be 
> sufficient to make the ClientHello fit in a single packet.
> 
> Things done in this PR to reduce the ticket size in order of importance:
> 
> 1. Remove local certificates.
> 2. Compress tickets with a size of 600 bytes or larger.
> 3. Remove `peerSupportedSignAlgs`.
> 4. Remove `pskIdentity`.
> 5. PreSharedKey is only needed by TLSv1.3, masterSecret is only needed by 
> pre-TLSv1.3.
> 6. Remove `statusResponses`.
> 
> Tickets with a chain of 2 RSA peer certificates are still above 700 bytes 
> (about 1KB), but they are significantly reduced from the prior size of about 3KB.

Artur Barashev has updated the pull request incrementally with one additional 
commit since the last revision:

  Bring back try-with-resources to compress/decompress methods

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/25310/files
  - new: https://git.openjdk.org/jdk/pull/25310/files/b27edb95..89ff22c8

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=25310&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=25310&range=03-04

  Stats: 27 lines in 1 file changed: 7 ins; 6 del; 14 mod
  Patch: https://git.openjdk.org/jdk/pull/25310.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/25310/head:pull/25310

PR: https://git.openjdk.org/jdk/pull/25310
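
The threshold-based compression and the try-with-resources handling mentioned above, sketched as an added example that is not the PR's code or the JDK's implementation. The class name `TicketCodec`, the one-byte format marker, and the `MAX_INFLATED` cap are assumptions made for illustration; only the 600-byte threshold comes from the PR description.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

// Hypothetical helper, not the JDK's implementation.
public class TicketCodec {
    static final int COMPRESS_THRESHOLD = 600;   // from the PR description
    static final int MAX_INFLATED = 16 * 1024;   // assumed cap on decompressed size
    static final byte RAW = 0, GZIP = 1;         // assumed one-byte format marker

    // Encode the session state before it is encrypted into the ticket.
    static byte[] encode(byte[] state) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (state.length < COMPRESS_THRESHOLD) {
            out.write(RAW);
            out.write(state);
            return out.toByteArray();
        }
        out.write(GZIP);
        try (GZIPOutputStream gz = new GZIPOutputStream(out)) {
            gz.write(state);
        }   // close() writes the trailer and releases the native Deflater
        return out.toByteArray();
    }

    // Decode after the ticket has been decrypted and authenticated.
    static byte[] decode(byte[] body) throws IOException {
        if (body.length == 0) throw new IOException("empty ticket body");
        byte[] payload = Arrays.copyOfRange(body, 1, body.length);
        if (body[0] == RAW) return payload;
        if (body[0] != GZIP) throw new IOException("unknown ticket format");
        try (GZIPInputStream gz = new GZIPInputStream(new ByteArrayInputStream(payload))) {
            byte[] inflated = gz.readNBytes(MAX_INFLATED + 1);  // one past the cap
            if (inflated.length > MAX_INFLATED) throw new IOException("ticket too large");
            return inflated;
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] small = new byte[100];            // constructed sample: stays raw
        byte[] large = new byte[1600];           // constructed sample: compressible
        Arrays.fill(large, (byte) 'A');
        System.out.println(encode(small).length + " " + encode(large).length);
        System.out.println(Arrays.equals(large, decode(encode(large))));
    }
}
```

Bounding the inflated size keeps a small compressed ticket from expanding into an arbitrarily large allocation on the server, and try-with-resources releases the native zlib state even when decoding throws.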
