As Tomcat is using JSSE, there is a way to control the size of the SSL session's cache. Define a property called javax.net.ssl.sessionCacheSize with a non zero value: it will lower the total number of entries in the cache. By default, it is 0 so no sizing is performed. The defaut value of the ssltimeout is 86400 seconds ie 1 day. It cannot be changed with a property (on Java5).
Regards Jeff MAURY Caldarale, Charles R wrote: > >> From: Yuval Perlov [mailto:[EMAIL PROTECTED] >> Subject: Re: ssl.SessionId Cache keeps growing > >> Been all over those objects thinking I can set a system >> wide default. > > There is the JVM -XX:SoftRefLRUPolicyMSPerMB=n option, where n is > defined as "Number of milliseconds per MB of free space in the heap". > This is used to calculate the maximum time to leave a softly reachable > object around. If you set it to zero, the SSLSessionId cache should > disappear pretty quickly if you force a major GC every now and then. > (The default value is 1000). > >> > Try an allocation of a gigantic array to force >> > SoftReferences to be discarded, then clear the >> > reference to the array, and force another GC. >> > Ugly, and it probably has really nasty side >> > effects. >> >> This is creative but extremely dangerous since I don't know how much >> real free memory I have. > > Doesn't matter - the goal is to force an allocation failure thereby > causing a major GC that also processes SoftReference objects. A normal > System.gc() call won't do that, since there's no allocation failure > involved. The second major GC is required to ensure the SoftReference > referents are actually released (not sure if that's still needed with > the current GC algorithms). > >> > Submit an enhancement request, preferably with a patch for new >> > attributes on the <Contector> elements to control the behavior. >> >> How do I do that? > > http://tomcat.apache.org/bugreport.html > >> I have a feeling they are keeping the SoftReferences even >> after their default time has elapsed > > I suspect the default time limit for SSLSession cache, like the default > space limit, is infinite. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/ssl.SessionId-Cache-keeps-growing-tp14999824p15839466.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
