cxf-issues mailing list archives

From "Grzegorz Mucha (JIRA)" <j...@apache.org>
Subject [jira] Updated: (CXF-2976) Allow to configure SSL session cache size and TTL on the client
Date Wed, 08 Sep 2010 12:40:33 GMT

     [ https://issues.apache.org/jira/browse/CXF-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Grzegorz Mucha updated CXF-2976:
--------------------------------

    Attachment: sslSessionTimeout.patch

Attached sample patch file

> Allow to configure SSL session cache size and TTL on the client
> ---------------------------------------------------------------
>
>                 Key: CXF-2976
>                 URL: https://issues.apache.org/jira/browse/CXF-2976
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.2.6, 2.2.7
>         Environment: Windows/Linux, jdk1.6
>            Reporter: Grzegorz Mucha
>         Attachments: sslSessionTimeout.patch
>
>
> JDK SSL connectivity maintains a cache of SSLSessions that it reuses for subsequent connections.
> Unfortunately the default TTL in this cache is set to 24h. We have run into an issue with
> a specific environment setup on the server side - with an F5 load balancer doing SSL offloading,
> the SSL sessions were valid on the load balancer but were broken beyond that point. The problem
> turned out to be the TTL of that cache being too long - in our case tuning it down to 60 seconds
> resolved the issue. FWIW we have actually encountered this issue with multiple vendors.
> The timeout can be configured via SSLSession.getClientSessionContext().setSessionTimeout(int)
> - the suggestion is to add this parameter to be configured via TLSClientParams. Unfortunately
> the only way that the SSLSession is now accessed/configured is inside HttpsURLConnectionFactory
> - and this class is right now tightly coupled to an HttpConduit. There isn't actually a way
> to set the default TTL - or set it globally in the JVM.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
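
The client-side setting discussed in this issue, as an added example that is not part of the original message, the attached patch, or CXF: it uses only JDK APIs, reaching the client session cache through `SSLContext.getClientSessionContext()`. The class name, method names and the cache size of 100 are assumptions; 60 seconds is the value from the report.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import java.security.GeneralSecurityException;
import java.util.Collections;

// Added example (not CXF code): class and method names are hypothetical.
final class ShortLivedSessionCache {

    /** Builds a client SSLContext whose session cache uses the given TTL and size. */
    static SSLContext newContext(int ttlSeconds, int maxSessions)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);             // default key/trust managers and RNG
        SSLSessionContext cache = ctx.getClientSessionContext();
        cache.setSessionTimeout(ttlSeconds);    // seconds; 0 means no limit
        cache.setSessionCacheSize(maxSessions); // entries; 0 means no limit
        return ctx;
    }

    /** Invalidates every cached client session so the next connection does a full handshake. */
    static int flush(SSLContext ctx) {
        SSLSessionContext cache = ctx.getClientSessionContext();
        int dropped = 0;
        for (byte[] id : Collections.list(cache.getIds())) {
            SSLSession session = cache.getSession(id);
            if (session != null) {
                session.invalidate();
                dropped++;
            }
        }
        return dropped;
    }

    public static void main(String[] args) throws Exception {
        SSLContext jdkDefault = SSLContext.getInstance("TLS");
        jdkDefault.init(null, null, null);
        System.out.println("JDK default TTL (s): "
                + jdkDefault.getClientSessionContext().getSessionTimeout());

        SSLContext ctx = newContext(60, 100);   // 60 s is the value from the report
        System.out.println("configured TTL (s): "
                + ctx.getClientSessionContext().getSessionTimeout());
        SSLSocketFactory factory = ctx.getSocketFactory();
        // Hand `factory` to the HTTPS client, e.g. HttpsURLConnection.setSSLSocketFactory(factory).
        System.out.println("flushed sessions: " + flush(ctx));
    }
}
```

The timeout applies only to connections made through the socket factory of the `SSLContext` that was configured; sessions cached by other contexts in the same JVM keep their own TTL.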

