On Thu, 19 Aug 2021 13:07:59 GMT, Sean Coffey <coff...@openjdk.org> wrote:

>> Corner case where a session resumption can fail if the TLS server changes 
>> supported protocol versions in relation to a cached SSLSession. This is 
>> primarily an issue where the legacy TLS version is used in place of the 
>> newer "supported_versions" TLS extension.
>
> Sean Coffey has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   maxProtocolVersion refactoring

Changes requested by xuelei (Reviewer).

src/java.base/share/classes/sun/security/ssl/ClientHello.java line 547:

> 545:                     // handshake output stream, so that the output records
> 546:                     // (at the record layer) have the correct version
> 547:                     chc.setVersion(sessionVersion);

Removing the call to "setVersion()" has an impact, I think. I think the 
declaration of this method could be removed in the HandshakeContext class, and 
HandshakeContext.conContext.protocolVersion could be set to 
HandshakeContext.maximumActiveProtocol in the HandshakeContext.initialize() 
method.

test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java line 60:

> 58:         System.setProperty("javax.net.ssl.keyStorePassword", passwd);
> 59:         System.setProperty("javax.net.ssl.trustStore", trustFilename);
> 60:         System.setProperty("javax.net.ssl.trustStorePassword", passwd);

It is not recommended to use the binary key store files for JSSE test cases.  
Please refer to test/jdk/javax/net/ssl/templates/SSLContextTemplate.java for a 
replacement.

test/jdk/sun/security/ssl/SSLSessionImpl/InvalidateSession.java line 173:

> 171:         }
> 172:     }
> 173: }

Is a new line required at the end of the file? I see a red symbol in the review 
board; I think the symbol may be generated by GitHub.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5110
