Allow to configure SSL session cache size and TTL on the client
---------------------------------------------------------------

                 Key: CXF-2976
                 URL: https://issues.apache.org/jira/browse/CXF-2976
             Project: CXF
          Issue Type: Improvement
          Components: Transports
    Affects Versions: 2.2.7, 2.2.6
         Environment: Windows/Linux, jdk1.6
            Reporter: Grzegorz Mucha


JDK SSL connectivity maintains a cache of SSLSessions that it reuses for 
subsequent connections. Unfortunately the default TTL in this cache is set to 
24h. We have run into an issue with a specific environment setup on the server 
side - with an F5 load balancer doing SSL offloading, the SSL sessions were valid 
on the load balancer but were broken beyond that point. The problem turned out 
to be the TTL of that cache being too long - in our case tuning it down to 60 
seconds resolved the issue. FWIW we have actually encountered this issue with 
multiple vendors.

The timeout can be configured via 
SSLSession.getClientSessionContext().setSessionTimeout(int) - the suggestion is 
to add this parameter to be configured via TLSClientParams. Unfortunately the 
only way that the SSLSession is now accessed/configured is inside 
HttpsURLConnectionFactory - and this class is right now tightly coupled to a 
HttpConduit. There isn't actually a way to set the default TTL - or set it 
globally in the JVM.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
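
The JSSE session-cache settings the report asks to expose, as an added example that is not CXF code and not part of the original report. It assumes a plain HttpsURLConnection instead of a CXF HttpConduit, obtains the session context from an SSLContext, and uses a placeholder host name and an assumed cache size of 100; the 60-second TTL is the value from the report.

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import java.net.URL;
import java.security.GeneralSecurityException;

public class ClientSessionCacheTuning {

    /** Builds a client SSLContext whose session cache is bounded in age and size. */
    static SSLContext tunedContext(int ttlSeconds, int maxEntries)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null arguments select the JVM's default key managers, trust managers and RNG
        ctx.init(null, null, null);

        SSLSessionContext cache = ctx.getClientSessionContext();
        if (cache == null) {
            // The API allows a provider to expose no client session context
            throw new IllegalStateException("provider has no client session cache");
        }
        // Sessions older than this are dropped from the cache, so the next
        // connection performs a full handshake instead of a resumption
        cache.setSessionTimeout(ttlSeconds);   // seconds; 0 means no limit
        cache.setSessionCacheSize(maxEntries); // entries; 0 means no limit
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = tunedContext(60, 100); // 100 is an assumed size
        SSLSessionContext cache = ctx.getClientSessionContext();
        System.out.println("session timeout (s): " + cache.getSessionTimeout());
        System.out.println("session cache size : " + cache.getSessionCacheSize());

        // Placeholder host; openConnection() creates the object without connecting
        URL url = new URL("https://service.example.invalid/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Only connections using this factory share the tuned cache
        conn.setSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

The tuned values apply only to sockets created from this SSLContext's factory, so every connection that should honour the shorter TTL has to be given that factory.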
