Hi,

On Mon, Sep 23, 2019 at 1:10 PM Silvio Bierman <[email protected]> wrote:
>
> Thank you Simone,
>
> I was aware of their less than up to date support for TLS1.3 which they
> only recently stopped calling "experimental". It is quite disappointing
> that their results are incorrect about this. We have been the subject of
> quite some pen testing where ssltest is part of the analysis and their
> results are taken as gospel. I will have to look into ways of providing
> alternative evidence.

Run with -Djavax.net.debug=all, you will see what the JDK TLS implementation does, and they do print whether the session was resumed.

Also, in Jetty, we do log in SslConnection whether the session was resumed or not.

That should be enough to convince the pentesters.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
