ges to offer such an
API.
Regards
Bernd
--
http://bernd.eckenfels.net
From: security-dev on behalf of
Anthony Scarpino
Sent: Tuesday, June 16, 2020 2:42:32 AM
To: OpenJDK Security
Subject: Re: [RFR] 8229148: SSLSession.invalidate() does not invalidate
stateless tickets
The specifications for TLS 1.3 (RFC 8446) and Stateless Resumption f
I added myself as reviewer of the CSR.
Xuelei
On 6/15/2020 5:42 PM, Anthony Scarpino wrote:
The specifications for TLS 1.3 (RFC 8446) and Stateless Resumption for
TLS 1.2 (RFC 5077) do not define session invalidation. Additionally,
RFC 5077 provides research that it is unnecessary. This chan
The specifications for TLS 1.3 (RFC 8446) and Stateless Resumption for
TLS 1.2 (RFC 5077) do not define session invalidation. Additionally,
RFC 5077 provides research that it is unnecessary. This change is to
clarify that session invalidation method in the Java API, in
javax.net.ssl.SSLSessio
Hi,
I'd like a review of this change to add session invalidation for
stateless resumption. It adds a cache that stateless resumes will check
against. The cache keeps track of only those sessions that are
invalidated, minimizing its cost on the server. This is separate from
the existing se