--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java	Fri Apr 05 11:17:09 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java	Fri Apr 05 11:28:23 2019 -0700
@@ -30,6 +30,7 @@
 import java.security.*;
 import java.security.cert.*;
 import java.util.*;
+import java.util.concurrent.locks.ReentrantLock;
 import javax.net.ssl.*;
 import sun.security.action.GetPropertyAction;
 import sun.security.provider.certpath.AlgorithmChecker;
@@ -69,6 +70,8 @@
 
     private volatile StatusResponseManager statusResponseManager;
 
+    private final ReentrantLock contextLock = new ReentrantLock();
+
     SSLContextImpl() {
         ephemeralKeyManager = new EphemeralKeyManager();
         clientCache = new SSLSessionContextImpl();
@@ -230,11 +233,14 @@
     // Used for DTLS in server mode only.
     HelloCookieManager getHelloCookieManager(ProtocolVersion protocolVersion) {
         if (helloCookieManagerBuilder == null) {
-            synchronized (this) {
+            contextLock.lock();
+            try {
                 if (helloCookieManagerBuilder == null) {
                     helloCookieManagerBuilder =
                             new HelloCookieManager.Builder(secureRandom);
                 }
+            } finally {
+                contextLock.unlock();
             }
         }
 
@@ -243,7 +249,8 @@
 
     StatusResponseManager getStatusResponseManager() {
         if (serverEnableStapling && statusResponseManager == null) {
-            synchronized (this) {
+            contextLock.lock();
+            try {
                 if (statusResponseManager == null) {
                     if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                         SSLLogger.finest(
@@ -251,6 +258,8 @@
                     }
                     statusResponseManager = new StatusResponseManager();
                 }
+            } finally {
+                contextLock.unlock();
             }
         }