Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Enabling session resumption

Hi,

On Mon, Sep 23, 2019 at 1:10 PM Silvio Bierman
<sbierman@xxxxxxxxxxxxxxxxxx> wrote:
>
> Thank you Simone,
>
> I was aware of their less than up to date support for TLS1.3 which they
> only recently stopped calling "experimental". It is quite disappointing
> that their results are incorrect about this. We have been the subject of
> quite some pen testing where ssltest is part of the analysis and their
> results are taken as gospel. I will have to look into ways of providing
> alternative evidence.

Run with -Djavax.net.debug=all, you will see what the JDK TLS
implementation does, and they do print whether the session was
resumed.
Also, in Jetty, we do log in SslConnection whether the session was
resumed or not.

That should be enough to convince the pentesters.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.


Back to the top