JSSE: SSLEngine reporting HandshakeStatus.FINISHED, disabling NewSessionTicket

2022-05-24 Thread Ben Smyth
TL;DR: Why does a client report HandshakeStatus.FINISHED twice? Can production of NewSessionTicket be disabled? A client (respectively server) becomes ready to encrypt application data upon completing their side of handshaking: "Once a side has sent its Finished message and has received and valid

OpenJDK-TLS Manual: (Second) call for contributions

2021-02-04 Thread Ben Smyth
I've written an OpenJDK-TLS manual, intended to ease readers into the most recent TLS specification and OpenJDK's implementation. (At the very least, it helped me get to grips with the spec and the code!) I've made the manual available on GitHub (https://github.com/BenSmyth/tls-tutorial/) and a pdf

TLS Manual: Call for contributions

2021-01-19 Thread Ben Smyth
I've written a TLS manual, intended to ease readers into the most recent specification. (At the very least, it helped me get to grips with the spec!) I've now made the manual available on GitHub: https://github.com/BenSmyth/tls-tutorial/ A pdf is also available (https://bensmyth.com/files/Smyth

Refactoring TLS code

2020-05-27 Thread Ben Smyth
I have written a TLS 1.3 tutorial (https://bensmyth.com/publications/2019-TLS-tutorial/) which includes source code from JDK 11. Whilst explaining the code, I noticed some possible refactoring that would simplify the (JDK 11 & current) code base: - createHkdfInfo is defined three times: SSLBasicK