Re: [jetty-users] SSL session cache not working as expected

[Joakim Erdfelt <joakim@xxxxxxxxxxx>]

SslContextFactory has 2 settings.

public void setSslSessionTimeout(int sslSessionTimeout)

public void setSslSessionCacheSize(int sslSessionCacheSize)

If unset, these use JVM defaults.

The JVM defaults have changed a few times over the past few years.

It used to be .. unlimited cache and 24 hour timeout, but that's no longer true.

https://bugs.openjdk.java.net/browse/JDK-8210985

https://bugs.openjdk.java.net/browse/JDK-8224766

https://bugs.openjdk.java.net/browse/JDK-8213577

You'll want to set the SslContextFactory settings for sessions to something appropriate on the server side.

But you'll also want to use an up to date JVM to get any benefits.

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Thu, Jan 16, 2020 at 7:47 PM Manpreet Singh <manpreet.singh@xxxxxxx> wrote:

Hi,

 

We are using Jetty HTTP Client (from 9.4.10) and making connections to a Jetty server (9.2.17)  embedded via Spring Boot. At every HTTP request the full SSL handshake takes place.

The same HTTP client when talking to Microsoft IIS server is caching the sessions just fine.

 

The Idle timeout interval on the client is set to be 1 hour. We are using SSL debug tracing but cannot find any clues. Also a connection request with OPenSSL s_client also shows new handshakes every time.

 

Any assistance will be appreciated.

 

Thanks,

Manpreet

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users