[ https://issues.apache.org/jira/browse/CXF-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Grzegorz Mucha updated CXF-2976:
--------------------------------

    Attachment: sslSessionTimeout.patch

Attached sample patch file

> Allow to configure SSL session cache size and TTL on the client
> ---------------------------------------------------------------
>
>                 Key: CXF-2976
>                 URL: https://issues.apache.org/jira/browse/CXF-2976
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.2.6, 2.2.7
>         Environment: Windows/Linux, jdk1.6
>            Reporter: Grzegorz Mucha
>         Attachments: sslSessionTimeout.patch
>
>
> JDK SSL connectivity maintains a cache of SSLSessions that it reuses for
> subsequent connection. Unfortunately the default TTL in this cache is set to
> 24h. We have run into an issue with a specific environment setup on the
> server side - with a F5 loadbalancer doing SSL offloading, the SSL sessions
> were valid on the load balancer but were broken beyond that point. The
> problem turned out the TTL of that cache being too long - in our case tuning
> it down to 60 seconds resolved the issue. FWIW we have actually encountered
> this issue with multiple vendors.
> The timeout can be configured via
> SSLSession.getClientSessionContext().setSessionTimeout(int) - the suggestion
> is to add this parameter to be configured via TLSClientParams. Unfortunately
> the only way that the SSLSession is now accessed/configured is inside
> HttpsURLConnectionFactory - and this class is right now tightly coupled to a
> HttpConduit. There isn't actually a way to set the default TTL - or set it
> globally in the JVM
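
An added example, not part of the original message or the attached patch: the JSSE calls that set the client session cache TTL and size, using the 60-second value from the report. In the JDK the client cache is reached through SSLContext.getClientSessionContext(); the class name, helper names, the cache size of 100 and the service.example URL are assumptions made for illustration.

```java
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

// Hypothetical helper class, not CXF code.
public final class ClientSessionCacheTuning {

    // Build a client SSLContext whose cached sessions expire after ttlSeconds.
    static SSLContext newClientContext(int ttlSeconds, int cacheSize)
            throws GeneralSecurityException {
        if (ttlSeconds < 0 || cacheSize < 0) {
            throw new IllegalArgumentException("TTL and cache size must be >= 0");
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        SSLSessionContext cache = ctx.getClientSessionContext();
        cache.setSessionTimeout(ttlSeconds); // seconds; 0 means no time limit
        cache.setSessionCacheSize(cacheSize); // entries; 0 means no size limit
        return ctx;
    }

    // Invalidate every cached client session so the next connection performs
    // a full handshake; returns how many sessions were dropped.
    static int invalidateAll(SSLContext ctx) {
        SSLSessionContext cache = ctx.getClientSessionContext();
        int dropped = 0;
        for (byte[] id : Collections.list(cache.getIds())) {
            SSLSession session = cache.getSession(id);
            if (session != null) {
                session.invalidate();
                dropped++;
            }
        }
        return dropped;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = newClientContext(60, 100); // 60 s TTL as in the report
        System.out.println("client session TTL (s): "
                + ctx.getClientSessionContext().getSessionTimeout());
        // Placeholder URL; openConnection() does not touch the network yet.
        HttpsURLConnection conn = (HttpsURLConnection)
                URI.create("https://service.example/").toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // this connection only
        System.out.println("sessions dropped: " + invalidateAll(ctx));
    }
}
```

The tuned TTL applies only to connections whose socket factory comes from this SSLContext instance; other contexts in the same JVM keep their own cache settings.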