jetty.project

History

Simone Bordet d53af5d737 Fixes #523 - TLS close behaviour breaking session resumption. Since requests cannot be connection delimited, don't call sslEngine.closeInbound() on the server. On the client, added a configuration parameter to allow missing TLS Close Message, since many servers do that. Introduced SslConnection.allowMissingCloseMessage so that it throws in case of truncation attacks.	2017-05-17 13:07:21 +02:00
..
main	Fixes #523 - TLS close behaviour breaking session resumption.	2017-05-17 13:07:21 +02:00
test	Fixes #523 - TLS close behaviour breaking session resumption.	2017-05-17 13:07:21 +02:00

Simone Bordet d53af5d737 Fixes #523 - TLS close behaviour breaking session resumption.

Since requests cannot be connection delimited, don't call
sslEngine.closeInbound() on the server.

On the client, added a configuration parameter to allow missing
TLS Close Message, since many servers do that.

Introduced SslConnection.allowMissingCloseMessage so that it
throws in case of truncation attacks.

2017-05-17 13:07:21 +02:00

main

Fixes #523 - TLS close behaviour breaking session resumption.

2017-05-17 13:07:21 +02:00

test

Fixes #523 - TLS close behaviour breaking session resumption.

2017-05-17 13:07:21 +02:00