On Thu, 19 Aug 2021 13:07:59 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> Corner case where a session resumption can fail if the TLS server changes >> supported protocol versions in relation to a cached SSLSession. This is >> primarily an issue where the legacy TLS version is used in place of the >> newer "supported_versions" TLS extension. > > Sean Coffey has updated the pull request incrementally with one additional > commit since the last revision: > > maxProtocolVersion refactoring Changes requested by xuelei (Reviewer). src/java.base/share/classes/sun/security/ssl/ClientHello.java line 547: > 545: // handshake output stream, so that the output > records > 546: // (at the record layer) have the correct version > 547: chc.setVersion(sessionVersion); The removing of the call to "setVersion()" has an impact, I think. I think the declaration of this method could be removed in HandshakeContext class, and set the HandshakeContext.conContext.protocolVersion to HandshakeContext.maximumActiveProtocol in the HandshakeContext.initialize() method. test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java line 60: > 58: System.setProperty("javax.net.ssl.keyStorePassword", passwd); > 59: System.setProperty("javax.net.ssl.trustStore", trustFilename); > 60: System.setProperty("javax.net.ssl.trustStorePassword", passwd); It is not recommended to use the binary key store files for JSSE test cases. Please refer to test/jdk/javax/net/ssl/templates/SSLContextTemplate.java for a replacement. test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java line 173: > 171: } > 172: } > 173: } Is a new line required in the end of file? I see red symbol in the review board, I think the symbol may be generated by the GitHub. ------------- PR: https://git.openjdk.java.net/jdk/pull/5110