On 23.09.2019 at 15:13, Simone Bordet wrote:
Run with -Djavax.net.debug=all, you will see what the JDK TLS implementation does, and they do print whether the session was resumed. Also, in Jetty, we do log in SslConnection whether the session was resumed or not. That should be enough to convince the pentesters.
It should be obvious in a Wireshark-trace as well which might be more suitable as "proof" when shown to pen testers who I assume are more "fluent" in Wireshark dumps than in reading javax.net-debug outputs.

Cheers,
Lothar
