archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8210985: Update the default SSL session cache size to 20480

Browse source 
Reviewed-by: jnimeh, mullan
This commit is contained in:
Xue-Lei Andrew Fan 2018-11-29 08:43:12 -08:00
parent c03797a5d0
commit 388e1ebbba
3 changed files with 129 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

52
src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -87,10 +87,17 @@ public interface SSLSessionContext {
* A check for sessions exceeding the timeout is made immediately whenever
* the timeout limit is changed for this <code>SSLSessionContext</code>.
*
* @param seconds the new session timeout limit in seconds; zero means
* there is no limit.
* @apiNote Note that the JDK Implementation uses default values for both
* the session cache size and timeout. See
* {@code getSessionCacheSize} and {@code getSessionTimeout} for
* more information. Applications should consider their
* performance requirements and override the defaults if necessary.
*
* @param seconds the new session timeout limit in seconds; zero means
* there is no limit.
*
* @throws IllegalArgumentException if the timeout specified is {@code < 0}.
*
* @exception IllegalArgumentException if the timeout specified is {@code < 0}.
* @see #getSessionTimeout
*/
public void setSessionTimeout(int seconds)
@ -109,33 +116,50 @@ public interface SSLSessionContext {
* whenever the timeout limit is changed for this
* <code>SSLSessionContext</code>.
*
* @implNote The JDK implementation returns the session timeout as set by
* the {@code setSessionTimeout} method, or if not set, a default
* value of 86400 seconds (24 hours).
*
* @return the session timeout limit in seconds; zero means there is no
* limit.
* limit.
*
* @see #setSessionTimeout
*/
public int getSessionTimeout();
/**
* Sets the size of the cache used for storing
* <code>SSLSession</code> objects grouped under this
* <code>SSLSessionContext</code>.
* Sets the size of the cache used for storing <code>SSLSession</code>
* objects grouped under this <code>SSLSessionContext</code>.
*
* @apiNote Note that the JDK Implementation uses default values for both
* the session cache size and timeout. See
* {@code getSessionCacheSize} and {@code getSessionTimeout} for
* more information. Applications should consider their
* performance requirements and override the defaults if necessary.
*
* @param size the new session cache size limit; zero means there is no
* limit.
* @exception IllegalArgumentException if the specified size is {@code < 0}.
* limit.
*
* @throws IllegalArgumentException if the specified size is {@code < 0}.
*
* @see #getSessionCacheSize
*/
public void setSessionCacheSize(int size)
throws IllegalArgumentException;
/**
* Returns the size of the cache used for storing
* <code>SSLSession</code> objects grouped under this
* <code>SSLSessionContext</code>.
* Returns the size of the cache used for storing <code>SSLSession</code>
* objects grouped under this <code>SSLSessionContext</code>.
*
* @implNote The JDK implementation returns the cache size as set by
* the {@code setSessionCacheSize} method, or if not set, the
* value of the {@systemProperty javax.net.ssl.sessionCacheSize}
* system property. If neither is set, it returns a default
* value of 20480.
*
* @return size of the session cache; zero means there is no size limit.
*
* @see #setSessionCacheSize
*/
public int getSessionCacheSize();
}

29
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View file

@ -32,11 +32,13 @@ import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import sun.security.action.GetPropertyAction;
import sun.security.action.GetIntegerAction;
import sun.security.util.Cache;
final class SSLSessionContextImpl implements SSLSessionContext {
private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
private final Cache<SessionId, SSLSessionImpl> sessionCache;
// session cache, session id as key
private final Cache<String, SSLSessionImpl> sessionHostPortCache;
@ -196,16 +198,29 @@ final class SSLSessionContextImpl implements SSLSessionContext {
}
private static int getDefaultCacheLimit() {
int defaultCacheLimit = 0;
try {
String s = GetPropertyAction
.privilegedGetProperty("javax.net.ssl.sessionCacheSize");
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
int defaultCacheLimit = GetIntegerAction.privilegedGetProperty(
"javax.net.ssl.sessionCacheSize", DEFAULT_MAX_CACHE_SIZE);
if (defaultCacheLimit >= 0) {
return defaultCacheLimit;
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"invalid System Property javax.net.ssl.sessionCacheSize, " +
"use the default session cache size (" +
DEFAULT_MAX_CACHE_SIZE + ") instead");
}
} catch (Exception e) {
// swallow the exception
// unlikely, log it for safe
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"the System Property javax.net.ssl.sessionCacheSize is " +
"not available, use the default value (" +
DEFAULT_MAX_CACHE_SIZE + ") instead");
}
}
return (defaultCacheLimit > 0) ? defaultCacheLimit : 0;
return DEFAULT_MAX_CACHE_SIZE;
}
private boolean isTimedout(SSLSession sess) {