8234408: Improve TLS session handling

Reviewed-by: andrew

8234408: Improve TLS session handling
Reviewed-by: andrew
f7597b4e · abakhtin · 7e7b76aa · f7597b4e · f7597b4e · f7597b4e
4 changed file
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java
@@ -1337,7 +1337,7 @@ final class ClientHandshaker extends Handshaker {
    @Override
    HandshakeMessage getKickstartMessage() throws SSLException {
        // session ID of the ClientHello message
-        SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
+        SessionId sessionId = new SessionId(new byte[0]);
        // a list of cipher suites sent by the client
        CipherSuiteList cipherSuites = getActiveCipherSuites();

--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java
@@ -375,7 +375,7 @@ final public class SSLEngineImpl extends SSLEngine {
        }
        sslContext = ctx;
-        sess = SSLSessionImpl.nullSession;
+        sess = new SSLSessionImpl();
        handshakeSession = null;
        /*

--- a/src/share/classes/sun/security/ssl/SSLSessionImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLSessionImpl.java
@@ -73,11 +73,6 @@ import static sun.security.ssl.CipherSuite.KeyExchange.*;
 */
 final class SSLSessionImpl extends ExtendedSSLSession {
-    /*
-     * we only really need a single null session
-     */
-    static final SSLSessionImpl         nullSession = new SSLSessionImpl();
    // compression methods
    private static final byte           compression_null = 0;
@@ -148,7 +143,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
     * be used either by a client or by a server, as a connection is
     * first opened and before handshaking begins.
     */
-    private SSLSessionImpl() {
+    SSLSessionImpl() {
        this(ProtocolVersion.NONE, CipherSuite.C_NULL, null,
            new SessionId(false, null), null, -1, false, null);
    }
@@ -657,14 +652,6 @@ final class SSLSessionImpl extends ExtendedSSLSession {
     */
    @Override
    synchronized public void invalidate() {
-        //
-        // Can't invalidate the NULL session -- this would be
-        // attempted when we get a handshaking error on a brand
-        // new connection, with no "real" session yet.
-        //
-        if (this == nullSession) {
-            return;
-        }
        invalidated = true;
        if (debug != null && Debug.isOn("session")) {
            System.out.println("%% Invalidated:  " + this);

--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java
@@ -610,7 +610,7 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
     */
    private void init(SSLContextImpl context, boolean isServer) {
        sslContext = context;
-        sess = SSLSessionImpl.nullSession;
+        sess = new SSLSessionImpl();
        handshakeSession = null;
        /*