changeset 52904:9261116c4dad

8234408: Improve TLS session handling Reviewed-by: ascarpino, jjiang, ahgross, ssahoo, mullan, andrew
author xuelei
date Mon, 25 Nov 2019 09:50:30 -0800
parents 4322d31049b0
children a839d7be4c48
files src/java.base/share/classes/sun/security/ssl/ClientHello.java src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java src/java.base/share/classes/sun/security/ssl/TransportContext.java
diffstat 4 files changed, 4 insertions(+), 18 deletions(-) [+]
--- a/src/java.base/share/classes/sun/security/ssl/ClientHello.java	Wed Dec 11 16:35:43 2019 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHello.java	Mon Nov 25 09:50:30 2019 -0800
@@ -407,7 +407,7 @@
             ProtocolVersion maxProtocolVersion = chc.maximumActiveProtocol;
 
             // session ID of the ClientHello message
-            SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
+            SessionId sessionId = new SessionId(new byte[0]);
 
             // a list of cipher suites sent by the client
             List<CipherSuite> cipherSuites = chc.activeCipherSuites;
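Review bot: The empty session ID is written here as `new SessionId(new byte[0])`, while the no-arg `SSLSessionImpl()` constructor touched by this same commit writes it as `new SessionId(false, null)`, and nothing in the hunk says the two are meant to be the same value. I would extend the comment to `// session ID of the ClientHello message; empty until a cached session is selected for resumption`. That wording assumes the rest of the method, which lies outside this hunk, overwrites the value when resuming, so confirm before adopting it. Using one spelling for the empty ID in both places would also make the equivalence obvious.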
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Wed Dec 11 16:35:43 2019 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Mon Nov 25 09:50:30 2019 -0800
@@ -68,11 +68,6 @@
 final class SSLSessionImpl extends ExtendedSSLSession {
 
     /*
-     * we only really need a single null session
-     */
-    static final SSLSessionImpl         nullSession = new SSLSessionImpl();
-
-    /*
      * The state of a single session, as described in section 7.1
      * of the SSLv3 spec.
      */
@@ -141,7 +136,7 @@
      * be used either by a client or by a server, as a connection is
      * first opened and before handshaking begins.
      */
-    private SSLSessionImpl() {
+    SSLSessionImpl() {
         this.protocolVersion = ProtocolVersion.NONE;
         this.cipherSuite = CipherSuite.C_NULL;
         this.sessionId = new SessionId(false, null);
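Review bot: The Javadoc above this constructor says when the placeholder session is used, but not that each caller must now own its own instance, which is the invariant this commit appears to introduce by widening the constructor from private to package-private. The object is mutable (`invalidate()` in this file changes its state), so I would add a sentence such as `Each connection gets its own instance; a placeholder session must never be shared between connections.` The new call sites in SSLSocketImpl and TransportContext depend on the same rule. The comment and the constructor body both continue outside this hunk.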
@@ -777,15 +772,6 @@
      */
     @Override
     public synchronized void invalidate() {
-        //
-        // Can't invalidate the NULL session -- this would be
-        // attempted when we get a handshaking error on a brand
-        // new connection, with no "real" session yet.
-        //
-        if (this == nullSession) {
-            return;
-        }
-
         if (context != null) {
             context.remove(sessionId);
             context = null;
--- a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java	Wed Dec 11 16:35:43 2019 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java	Mon Nov 25 09:50:30 2019 -0800
@@ -334,7 +334,7 @@
                 SSLLogger.severe("handshake failed", ioe);
             }
 
-            return SSLSessionImpl.nullSession;
+            return new SSLSessionImpl();
         }
 
         return conContext.conSession;
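Review bot: After a failed handshake this branch now returns a different `SSLSessionImpl` on every call, so two calls on the same socket no longer yield the same object. Anything a caller attaches to the returned session will not be visible on the next call. That looks intended, since it keeps application-visible state from being shared across connections, but it deserves a comment on the return, for example `// fresh placeholder per call: never hand a shared session object to applications`. The enclosing method starts and ends outside this hunk.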
--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java	Wed Dec 11 16:35:43 2019 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java	Mon Nov 25 09:50:30 2019 -0800
@@ -131,7 +131,7 @@
         this.isUnsureMode = isUnsureMode;
 
         // initial security parameters
-        this.conSession = SSLSessionImpl.nullSession;
+        this.conSession = new SSLSessionImpl();
         this.protocolVersion = this.sslConfig.maximumProtocolVersion;
         this.clientVerifyData = emptyByteArray;
         this.serverVerifyData = emptyByteArray;