--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Wed Jul 17 13:41:12 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Wed Jul 17 14:37:50 2019 -0700
@@ -344,6 +344,12 @@
hsStatus = tryKeyUpdate(hsStatus);
}
+ // Check if NewSessionTicket PostHandshake message needs to be sent
+ if (conContext.conSession.updateNST &&
+ !conContext.sslConfig.isClientMode) {
+ hsStatus = tryNewSessionTicket(hsStatus);
+ }
+
// update context status
ciphertext.handshakeStatus = hsStatus;
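Review bot: The server-only test sits at this call site (`!conContext.sslConfig.isClientMode`) while the TLS 1.3, handshake-in-progress and connection-state tests sit inside `tryNewSessionTicket`, so the conditions for issuing a session ticket cannot be read in one place. Moving the role check into the helper's `if` would keep the guard together and stop any future caller from issuing a ticket in client mode. If the split is kept, a comment such as `// server side only; protocol version and connection state are checked in tryNewSessionTicket` would help. The hunk does not show where `updateNST` is set or how that write is ordered against this read, so that is worth confirming.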
@@ -397,6 +403,29 @@
return currentHandshakeStatus;
}
+ // Try to generate a PostHandshake NewSessionTicket message. This is
+ // TLS 1.3 only.
+ private HandshakeStatus tryNewSessionTicket(
+ HandshakeStatus currentHandshakeStatus) throws IOException {
+ // Don't bother to kickstart if handshaking is in progress, or if the
+ // connection is not duplex-open.
+ if ((conContext.handshakeContext == null) &&
+ conContext.protocolVersion.useTLS13PlusSpec() &&
+ !conContext.isOutboundClosed() &&
+ !conContext.isInboundClosed() &&
+ !conContext.isBroken) {
+ if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+ SSLLogger.finest("trigger NST");
+ }
+ conContext.conSession.updateNST = false;
+ NewSessionTicket.kickstartProducer.produce(
+ new PostHandshakeContext(conContext));
+ return conContext.getHandshakeStatus();
+ }
+
+ return currentHandshakeStatus;
+ }
+
private static void checkParams(
ByteBuffer[] srcs, int srcsOffset, int srcsLength,
ByteBuffer[] dsts, int dstsOffset, int dstsLength) {
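Review bot: `conContext.conSession.updateNST = false;` runs before `NewSessionTicket.kickstartProducer.produce(...)`, so if `produce` throws the declared `IOException` the flag is already cleared and no ticket is attempted again for this session. That may be intended, to avoid a retry on every wrap, but it then deserves a comment such as `// clear first so a failed produce() is not retried on each wrap()`; otherwise the reset should move after the call. The guard here checks only protocol version and connection state. Whether the session is still valid and resumable is presumably re-checked inside `kickstartProducer`, which is outside this hunk. That is worth confirming, because the ticket is what lets the peer resume the session later.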