8190917: SSL session resumption broken for protocols other than TLSv1.2

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

8190917: SSL session resumption broken for protocols other than TLSv1.2

Jaikiran Pai
(Moved from jdk9-dev list[1] to here)

I would like to contribute a patch, containing a potential fix and a
test case, to the issue reported at
https://bugs.openjdk.java.net/browse/JDK-8190917. This is going to be my
first contribution to OpenJDK, so I would need some guidance/help in
having this reviewed/merged, please.

To give a quick overview of this specific bug - the issue relates to SSL
session resumption which is no longer functional in Java 9 for SSL
protocols other than TLSv1.2. The JIRA itself has more extensive details
and a test case which reproduces the issue.

So far, I have followed various documentation to setup and build OpenJDK
locally. I have completed the following set of basic tasks:

     - Checked out the mercurial repo for jdk
(http://hg.openjdk.java.net/jdk/jdk)
     - Built the JDK locally, following the instructions under
doc/building.md
     - Run some of the basic tests successfully

I have also signed and submitted the Oracle Contributor Agreement in a
mail a few hours back.

Right now I have the patch with the potential fix ready and also have a
(jtreg) testcase which reproduces the issue and verifies the bug fix. I
would like to understand what my next steps should be. More specifically:

     1. How do I initiate a review of the proposed change? Should I
start a new discussion, in this very mailing list, with the subject line
having [PATCH], an attachment with the patch and the details about the
change? Or should I be attaching the proposed change in this current
discussion itself?

     2. The "How to contribute" guide states "Your patch must be built
and tested on all relevant platforms before submission." I use Mac OS
for development and that's the only system I have access to. Would I be
required to test this change on other *nix and Windows OS?

[1]
http://mail.openjdk.java.net/pipermail/jdk9-dev/2017-November/006050.html
[2] http://openjdk.java.net/contribute/

-Jaikiran

Reply | Threaded
Open this post in threaded view
|

Re: 8190917: SSL session resumption broken for protocols other than TLSv1.2

Xuelei Fan-2
On 11/9/2017 9:00 PM, Jaikiran Pai wrote:

> (Moved from jdk9-dev list[1] to here)
>
> I would like to contribute a patch, containing a potential fix and a
> test case, to the issue reported at
> https://bugs.openjdk.java.net/browse/JDK-8190917. This is going to be my
> first contribution to OpenJDK, so I would need some guidance/help in
> having this reviewed/merged, please.
>
> To give a quick overview of this specific bug - the issue relates to SSL
> session resumption which is no longer functional in Java 9 for SSL
> protocols other than TLSv1.2. The JIRA itself has more extensive details
> and a test case which reproduces the issue.
>
> So far, I have followed various documentation to setup and build OpenJDK
> locally. I have completed the following set of basic tasks:
>
>      - Checked out the mercurial repo for jdk
> (http://hg.openjdk.java.net/jdk/jdk)
>      - Built the JDK locally, following the instructions under
> doc/building.md
>      - Run some of the basic tests successfully
>
> I have also signed and submitted the Oracle Contributor Agreement in a
> mail a few hours back.
>
> Right now I have the patch with the potential fix ready and also have a
> (jtreg) testcase which reproduces the issue and verifies the bug fix. I
> would like to understand what my next steps should be. More specifically:
>
>      1. How do I initiate a review of the proposed change? Should I
> start a new discussion, in this very mailing list, with the subject line
> having [PATCH], an attachment with the patch and the details about the
> change? Or should I be attaching the proposed change in this current
> discussion itself?
>
Per the "3. Submit a patch" section of the "How to contribute" page [2],
I may start patch with a subject line of the form "[PATCH] 8190917: Java
9 regression : SSL session resumption, through handshake, in SSLEngine
is broken for any protocols lesser than TLSv1.2".  See more of "3.
Submit a patch" section about what should be contained in the patch mail.

>      2. The "How to contribute" guide states "Your patch must be built
> and tested on all relevant platforms before submission." I use Mac OS
> for development and that's the only system I have access to. Would I be
> required to test this change on other *nix and Windows OS?
>
I would not submit a patch without test on all relevant platforms.  If
you only have one platform, you may want to work with your sponsor or
other contributors for the testing on the relevant platforms.

Xuelei

> [1]
> http://mail.openjdk.java.net/pipermail/jdk9-dev/2017-November/006050.html
> [2] http://openjdk.java.net/contribute/
>
> -Jaikiran
>
Reply | Threaded
Open this post in threaded view
|

Re: 8190917: SSL session resumption broken for protocols other than TLSv1.2

Jaikiran Pai

On 10/11/17 9:41 PM, Xuelei Fan wrote:

> On 11/9/2017 9:00 PM, Jaikiran Pai wrote:
>
>>      2. The "How to contribute" guide states "Your patch must be
>> built and tested on all relevant platforms before submission." I use
>> Mac OS for development and that's the only system I have access to.
>> Would I be required to test this change on other *nix and Windows OS?
>>
> I would not submit a patch without test on all relevant platforms.  If
> you only have one platform, you may want to work with your sponsor or
> other contributors for the testing on the relevant platforms.
>
> Xuelei
Anyone willing to sponsor this, please?

-Jaikiran
Reply | Threaded
Open this post in threaded view
|

Re: 8190917: SSL session resumption broken for protocols other than TLSv1.2

Xuelei Fan-2


On 11/10/2017 7:38 PM, Jaikiran Pai wrote:

>
> On 10/11/17 9:41 PM, Xuelei Fan wrote:
>> On 11/9/2017 9:00 PM, Jaikiran Pai wrote:
>>
>>>      2. The "How to contribute" guide states "Your patch must be
>>> built and tested on all relevant platforms before submission." I use
>>> Mac OS for development and that's the only system I have access to.
>>> Would I be required to test this change on other *nix and Windows OS?
>>>
>> I would not submit a patch without test on all relevant platforms.  If
>> you only have one platform, you may want to work with your sponsor or
>> other contributors for the testing on the relevant platforms.
>>
>> Xuelei
> Anyone willing to sponsor this, please?
>
After you get an accept note for the Oracle Contributor Agreement,
please attach your patch in your mail to security-dev@openjdk.  It's a
open platform, someone may pick it up for the testing for you.

Xuelei

> -Jaikiran
Reply | Threaded
Open this post in threaded view
|

Re: 8190917: SSL session resumption broken for protocols other than TLSv1.2

Jaikiran Pai
Thank you Xuelei, will do.

-Jaikiran


On 11/11/17 11:09 AM, Xuelei Fan wrote:

>
>
> On 11/10/2017 7:38 PM, Jaikiran Pai wrote:
>>
>> On 10/11/17 9:41 PM, Xuelei Fan wrote:
>>> On 11/9/2017 9:00 PM, Jaikiran Pai wrote:
>>>
>>>>      2. The "How to contribute" guide states "Your patch must be
>>>> built and tested on all relevant platforms before submission." I
>>>> use Mac OS for development and that's the only system I have access
>>>> to. Would I be required to test this change on other *nix and
>>>> Windows OS?
>>>>
>>> I would not submit a patch without test on all relevant platforms. 
>>> If you only have one platform, you may want to work with your
>>> sponsor or other contributors for the testing on the relevant
>>> platforms.
>>>
>>> Xuelei
>> Anyone willing to sponsor this, please?
>>
> After you get an accept note for the Oracle Contributor Agreement,
> please attach your patch in your mail to security-dev@openjdk.  It's a
> open platform, someone may pick it up for the testing for you.
>
> Xuelei
>
>> -Jaikiran