On Thu, 22 May 2025 19:23:22 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> The stateless session ticket is included in the ClientHello message, either >> in the stateless_ticket extension (pre-TLS1.3), or in the pre_shared_key >> extension (TLS1.3). With the current construction, the ticket is often the >> largest contributor to the ClientHello message size. For example, in >> HttpClient tests we observed a case where a non-resumption ClientHello >> occupied 360 bytes, and the session ticket (pre_shared_key identity) >> included in a resumption ClientHello occupied 1600+ bytes. >> >> ClientHello messages that do not fit in a single packet on the network can >> greatly increase the handshake time on lossy networks. Ideally we would like >> the ClientHello message to always fit in a single packet. >> >> When using QUIC as the underlying protocol, one packet can hold >> approximately 1100 byte payload. Getting the session ticket size below 700 >> bytes should be sufficient to make the ClientHello fit in a single packet >> >> Things done in this PR to reduce the ticket size in order of importance: >> >> 1. Remove local certificates. >> 2. Compress tickets with the size 600 bytes or larger. >> 3. Remove `peerSupportedSignAlgs`. >> 4. Remove `pskIdentity` >> 5. PreSharedKey is only needed by TLSv1.3, masterSecret is only needed by >> pre-TLSv1.3 >> 6. Remove `statusResponses` >> >> Tickets with a chain of 2 RSA peer certificates are still above 700 bytes >> (about 1KB), but they are significantly reduced from prior size of about 3KB. > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Assume "createPossession" can return more certificates than in the session > ticket Will have a look at this hopefully later today. ------------- PR Comment: https://git.openjdk.org/jdk/pull/25310#issuecomment-2902548217
