
8273042: TLS Certificate Compression #25647

Draft
wants to merge 11 commits into
base: master
315 changes: 315 additions & 0 deletions src/java.base/share/classes/javax/net/ssl/SSLParameters.java

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions src/java.base/share/classes/sun/security/ssl/Alert.java
Expand Up @@ -271,6 +271,8 @@ public void consume(ConnectionContext context,
// consumer so the state machine doesn't expect it.
tc.handshakeContext.handshakeConsumers.remove(
SSLHandshake.CERTIFICATE.id);
tc.handshakeContext.handshakeConsumers.remove(
SSLHandshake.COMPRESSED_CERTIFICATE.id);
tc.handshakeContext.handshakeConsumers.remove(
SSLHandshake.CERTIFICATE_VERIFY.id);
}
Original file line number Diff line number Diff line change
Expand Up @@ -917,16 +917,26 @@ public byte[] produce(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in handshake context only.
HandshakeContext hc = (HandshakeContext)context;
if (hc.sslConfig.isClientMode) {
return onProduceCertificate(
(ClientHandshakeContext)context, message);
} else {
return onProduceCertificate(
T13CertificateMessage cm = hc.sslConfig.isClientMode ?
onProduceCertificate(
(ClientHandshakeContext)context, message) :
onProduceCertificate(
(ServerHandshakeContext)context, message);

// Output the handshake message.
if (hc.certDeflater == null) {
cm.write(hc.handshakeOutput);
hc.handshakeOutput.flush();
} else {
// Replace with CompressedCertificate message
CompressedCertificate.handshakeProducer.produce(hc, cm);
}

// The handshake message has been delivered.
return null;
}

private byte[] onProduceCertificate(ServerHandshakeContext shc,
private T13CertificateMessage onProduceCertificate(ServerHandshakeContext shc,
HandshakeMessage message) throws IOException {
ClientHelloMessage clientHello = (ClientHelloMessage)message;

Expand Down Expand Up @@ -984,12 +994,7 @@ private byte[] onProduceCertificate(ServerHandshakeContext shc,
SSLLogger.fine("Produced server Certificate message", cm);
}

// Output the handshake message.
cm.write(shc.handshakeOutput);
shc.handshakeOutput.flush();

// The handshake message has been delivered.
return null;
return cm;
}

private static SSLPossession choosePossession(
Expand Down Expand Up @@ -1028,7 +1033,7 @@ private static SSLPossession choosePossession(
return pos;
}

private byte[] onProduceCertificate(ClientHandshakeContext chc,
private T13CertificateMessage onProduceCertificate(ClientHandshakeContext chc,
HandshakeMessage message) throws IOException {
ClientHelloMessage clientHello = (ClientHelloMessage)message;
SSLPossession pos = choosePossession(chc, clientHello);
Expand Down Expand Up @@ -1071,12 +1076,7 @@ private byte[] onProduceCertificate(ClientHandshakeContext chc,
SSLLogger.fine("Produced client Certificate message", cm);
}

// Output the handshake message.
cm.write(chc.handshakeOutput);
chc.handshakeOutput.flush();

// The handshake message has been delivered.
return null;
return cm;
}
}

Expand All @@ -1096,6 +1096,7 @@ public void consume(ConnectionContext context,
HandshakeContext hc = (HandshakeContext)context;

// clean up this consumer
hc.handshakeConsumers.remove(SSLHandshake.COMPRESSED_CERTIFICATE.id);
hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id);
T13CertificateMessage cm = new T13CertificateMessage(hc, message);
if (hc.sslConfig.isClientMode) {
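Review bot: In the consume hunk at -1096, the comment `// clean up this consumer` now sits above two removals, and nothing visible on this page shows the mirror-image cleanup. Once a CompressedCertificate has been accepted, the plain CERTIFICATE consumer must also be gone, so that the handshake state machine cannot accept a second certificate message for the same authentication step. If the CompressedCertificate consumer decompresses and then dispatches into this method, that is already covered, but that file is not shown here, so it is worth confirming. The comment could then record the rule, e.g. `// Only one of Certificate/CompressedCertificate may arrive; drop both consumers`. The consume body starts and ends outside the hunk.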
Original file line number Diff line number Diff line change
Expand Up @@ -945,6 +945,11 @@ public byte[] produce(ConnectionContext context,
// update
//
shc.certRequestContext = crm.requestContext.clone();
if (shc.certInflaters != null && !shc.certInflaters.isEmpty()) {
shc.handshakeConsumers.put(
SSLHandshake.COMPRESSED_CERTIFICATE.id,
SSLHandshake.COMPRESSED_CERTIFICATE);
}
shc.handshakeConsumers.put(SSLHandshake.CERTIFICATE.id,
SSLHandshake.CERTIFICATE);
shc.handshakeConsumers.put(SSLHandshake.CERTIFICATE_VERIFY.id,
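Review bot: The COMPRESSED_CERTIFICATE consumer is registered whenever `shc.certInflaters` is non-empty, which ties acceptance of a compressed client certificate to a context field rather than, visibly, to what this CertificateRequest advertised. RFC 8879 lets a peer send CompressedCertificate only when the compress_certificate extension was sent to it, so the guard should hold exactly when that extension was included in `crm`. Whether `certInflaters` is populated only on that path cannot be seen from this hunk. If it is, a one-line comment would record the invariant, e.g. `// certInflaters is set only when compress_certificate was sent in this CertificateRequest`. The produce body starts and ends outside the hunk.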