You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Maxim Egorov (Jira)" <ji...@apache.org> on 2021/02/08 09:07:00 UTC

[jira] [Created] (HTTPCLIENT-2134) HttpClient doesnt reuse TLS 1.2 Session

Maxim Egorov created HTTPCLIENT-2134:
----------------------------------------

             Summary: HttpClient doesnt reuse TLS 1.2 Session
                 Key: HTTPCLIENT-2134
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2134
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (classic)
    Affects Versions: 5.0.3, 4.5.13
            Reporter: Maxim Egorov
         Attachments: TestApacheHttpClientApp.java, handshake.log

To reproduce run on java 11+:

java -cp ... -Djavax.net.debug=ssl:handshake TestApacheHttpClientApp

As you can see from handshake.log file HttpClient always create new tls session.

The root of problem is support of Extended Master Key Extension in [https://github.com/openjdk/jdk/blob/jdk-11+28/src/java.base/share/classes/sun/security/ssl/ClientHello.java#L497.] The standard jdk HttpURLConnection doesn't be affected this issues because of it sets chc.sslConfig.identificationProtocol equals to HTTPS by default [https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java#L560.] I tried to repeat the same trick (The commented code), but due to the bugs of JDK [https://bugs.openjdk.java.net/browse/JDK-8253368] and may be incorrect implementation of method BHttpConnectionBase.close it doesn't work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org