Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/25 09:51:10 UTC

[tomcat] branch 8.5.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 0c5c6b6  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
0c5c6b6 is described below

commit 0c5c6b60c76cfd2c085437e79d85c622c852b18a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jul 25 10:49:28 2019 +0100

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
    
    Allow users to specify infinite TLS session cache and/or timeout
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  3 ++-
 java/org/apache/tomcat/util/net/SSLUtilBase.java   |  7 +++++--
 webapps/docs/changelog.xml                         |  4 ++++
 webapps/docs/config/http.xml                       | 12 ++++++++----
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 56d8152..57a17eb 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -99,7 +99,8 @@ public class SSLHostConfig implements Serializable {
     private List<String> jsseCipherNames = null;
     private String honorCipherOrder = null;
     private Set<String> protocols = new HashSet<>();
-    private int sessionCacheSize = 0;
+    // Values <0 mean use the implementation default
+    private int sessionCacheSize = -1;
     private int sessionTimeout = 86400;
     // JSSE
     private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
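Review bot: The new comment above `sessionCacheSize` documents only the negative case, although `sessionTimeout` on the next line follows the same rule in SSLUtilBase.configureSessionContext and 0 now has its own meaning (unlimited, per the http.xml text in this commit). I would widen it to `// <0: use the implementation default, 0: unlimited, >0: explicit limit (also applies to sessionTimeout)`. The class body continues outside the hunk, so whether the setters validate or document these ranges is not visible here.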
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index beb6fd4..00df440 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -256,10 +256,13 @@ public abstract class SSLUtilBase implements SSLUtil {
 
     @Override
     public void configureSessionContext(SSLSessionContext sslSessionContext) {
-        if (sslHostConfig.getSessionCacheSize() > 0) {
+        // <0 - don't set anything - use the implementation default
+        if (sslHostConfig.getSessionCacheSize() >= 0) {
             sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
         }
-        if (sslHostConfig.getSessionTimeout() > 0) {
+
+        // <0 - don't set anything - use the implementation default
+        if (sslHostConfig.getSessionTimeout() >= 0) {
             sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
         }
     }
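Review bot: With the guards relaxed to `>= 0`, a configured 0 is now passed to `setSessionCacheSize` and `setSessionTimeout`, where the old `> 0` guards skipped it, and nothing at runtime tells the operator they have chosen an unlimited value. An unbounded session cache can grow with every new client handshake, and a session with no timeout stays resumable for the life of the process, so the "not recommended" wording in http.xml deserves a matching log warning when either getter returns 0. Existing configurations that set 0 explicitly presumably got the implementation default before this change and will switch to unlimited on upgrade; the changelog entry could say so. The log call is not quoted here because the class's logger and message conventions are outside the hunk.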
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 50c853b..f798aee 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -90,6 +90,10 @@
         internal error that results in a 500 response. (markt)
       </fix>
       <fix>
+        <bug>63571</bug>: Allow users to configure infinite TLS session caches
+        and/or timeouts. (markt)
+      </fix>
+      <fix>
         <bug>63578</bug>: Improve handling of invalid requests so that 400
         responses are returned to the client rather than 500 responses. (markt)
       </fix>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 1b6be0a..14c0cae 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1319,14 +1319,18 @@
     </attribute>
 
     <attribute name="sessionCacheSize" required="false">
-      <p>The number of SSL sessions to maintain in the session cache. Use 0 to
-      specify an unlimited cache size. If not specified, a default of 0 is
-      used.</p>
+      <p>The number of SSL sessions to maintain in the session cache. Specify
+      <code>-1</code> to use the implementation default. Values of zero and
+      above are passed to the implementation. Zero is used to specify an
+      unlimited cache size and is not recommended. If not specified, a default
+      of <code>-1</code> is used.</p>
     </attribute>
 
     <attribute name="sessionTimeout" required="false">
       <p>The time, in seconds, after the creation of an SSL session that it will
-      timeout. Use 0 to specify an unlimited timeout. If not specified, a
+      timeout. Specify <code>-1</code> to use the implementation default. Values
+      of zero and above are passed to the implementation. Zero is used to
+      specify an unlimited timeout and is not recommended. If not specified, a
       default of 86400 (24 hours) is used.</p>
     </attribute>
 

