8234408: Improve TLS session handling

Reviewed-by: ascarpino, jjiang, ahgross, ssahoo, mullan, andrew

8234408: Improve TLS session handling
Reviewed-by: ascarpino, jjiang, ahgross, ssahoo, mullan, andrew
632a1682 · xuelei · 632b36cb · 632a1682 · 632a1682 · 632a1682
4 changed file
--- a/src/java.base/share/classes/sun/security/ssl/ClientHello.java
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHello.java
@@ -407,7 +407,7 @@ final class ClientHello {
            ProtocolVersion maxProtocolVersion = chc.maximumActiveProtocol;
            // session ID of the ClientHello message
-            SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
+            SessionId sessionId = new SessionId(new byte[0]);
            // a list of cipher suites sent by the client
            List<CipherSuite> cipherSuites = chc.activeCipherSuites;

--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
@@ -67,11 +67,6 @@ import javax.net.ssl.SSLSessionContext;
 */
 final class SSLSessionImpl extends ExtendedSSLSession {
-    /*
-     * we only really need a single null session
-     */
-    static final SSLSessionImpl         nullSession = new SSLSessionImpl();
    /*
     * The state of a single session, as described in section 7.1
     * of the SSLv3 spec.
@@ -141,7 +136,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
     * be used either by a client or by a server, as a connection is
     * first opened and before handshaking begins.
     */
-    private SSLSessionImpl() {
+    SSLSessionImpl() {
        this.protocolVersion = ProtocolVersion.NONE;
        this.cipherSuite = CipherSuite.C_NULL;
        this.sessionId = new SessionId(false, null);
@@ -777,15 +772,6 @@ final class SSLSessionImpl extends ExtendedSSLSession {
     */
    @Override
    public synchronized void invalidate() {
-        //
-        // Can't invalidate the NULL session -- this would be
-        // attempted when we get a handshaking error on a brand
-        // new connection, with no "real" session yet.
-        //
-        if (this == nullSession) {
-            return;
-        }
        if (context != null) {
            context.remove(sessionId);
            context = null;

--- a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
@@ -334,7 +334,7 @@ public final class SSLSocketImpl
                SSLLogger.severe("handshake failed", ioe);
            }
-            return SSLSessionImpl.nullSession;
+            return new SSLSessionImpl();
        }
        return conContext.conSession;

--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java
@@ -131,7 +131,7 @@ class TransportContext implements ConnectionContext {
        this.isUnsureMode = isUnsureMode;
        // initial security parameters
-        this.conSession = SSLSessionImpl.nullSession;
+        this.conSession = new SSLSessionImpl();
        this.protocolVersion = this.sslConfig.maximumProtocolVersion;
        this.clientVerifyData = emptyByteArray;
        this.serverVerifyData = emptyByteArray;