--- a/src/java.base/share/classes/sun/security/ssl/ClientHello.java Tue Jul 10 08:20:13 2018 +0100
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHello.java Mon Jul 30 13:53:30 2018 -0400
@@ -35,6 +35,7 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
+import java.util.Objects;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
@@ -510,6 +511,23 @@
}
}
+ // ensure that the endpoint identification algorithm matches the
+ // one in the session
+ String identityAlg = chc.sslConfig.identificationProtocol;
+ if (session != null && identityAlg != null) {
+ String sessionIdentityAlg =
+ session.getIdentificationProtocol();
+ if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
+ if (SSLLogger.isOn &&
+ SSLLogger.isOn("ssl,handshake,verbose")) {
+ SSLLogger.finest("Can't resume, endpoint id" +
+ " algorithm does not match, requested: " +
+ identityAlg + ", cached: " + sessionIdentityAlg);
+ }
+ session = null;
+ }
+ }
+
if (session != null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Try resuming session", session);
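Review bot: The guard `if (session != null && identityAlg != null)` is one-directional, while the comment above it says the algorithm must match the session's: with no endpoint identification algorithm configured, a cached session is resumed whatever algorithm it was established under. That direction looks intentional, since a session is then never resumed under a weaker identity check than the one requested, so the comment should say so, e.g. `// a configured endpoint id algorithm must equal the one the cached session was verified under; with none configured, any cached session may resume`. `Objects.equals` is also an exact comparison, so an empty string or a case variant (`https` vs `HTTPS`) declines resumption and falls back to a full handshake; that fails closed, but deserves a word in the comment. The same applies to the server-side hunk at `shc.sslConfig.identificationProtocol`, and the enclosing method starts and ends outside both hunks.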
@@ -1011,6 +1029,23 @@
}
}
+ // ensure that the endpoint identification algorithm matches the
+ // one in the session
+ String identityAlg = shc.sslConfig.identificationProtocol;
+ if (resumingSession && identityAlg != null) {
+ String sessionIdentityAlg =
+ previous.getIdentificationProtocol();
+ if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
+ if (SSLLogger.isOn &&
+ SSLLogger.isOn("ssl,handshake,verbose")) {
+ SSLLogger.finest("Can't resume, endpoint id" +
+ " algorithm does not match, requested: " +
+ identityAlg + ", cached: " + sessionIdentityAlg);
+ }
+ resumingSession = false;
+ }
+ }
+
// So far so good. Note that the handshake extensions may reset
// the resuming options later.
shc.isResumption = resumingSession;
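Review bot: The endpoint-identification check here is duplicated line for line from the client-side hunk, differing only in how resumption is cancelled (`resumingSession = false` rather than `session = null`). A small private static helper that takes the configured and the cached algorithm, logs the mismatch and returns whether resumption is allowed would keep the two sides from drifting apart. That matters for this check in particular, because a later change applied to only one side would silently relax the identity requirement for resumed sessions on the other. The enclosing method continues outside the hunk.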