Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/25 10:09:56 UTC
[tomcat] branch 7.0.x updated: Fix
https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new d2b6b5b Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
d2b6b5b is described below
commit d2b6b5b7d11bf85421ee2b25a47692f24c9b6aef
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jul 25 11:09:42 2019 +0100
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
Use the JSSE default TLS session cache size unless explicitly configured
otherwise.
---
.../org/apache/tomcat/util/net/jsse/JSSESocketFactory.java | 14 ++++++++------
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/http.xml | 12 ++++++++----
3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
index f987276..8980b71 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -94,7 +94,7 @@ public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
private static final String defaultKeystoreType = "JKS";
private static final String defaultKeystoreFile
= System.getProperty("user.home") + "/.keystore";
- private static final int defaultSessionCacheSize = 0;
+ private static final int defaultSessionCacheSize = -1;
private static final int defaultSessionTimeout = 86400;
private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL";
public static final String DEFAULT_KEY_PASS = "changeit";
@@ -622,11 +622,13 @@ public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
public void configureSessionContext(SSLSessionContext sslSessionContext) {
int sessionCacheSize;
if (endpoint.getSessionCacheSize() != null) {
- sessionCacheSize = Integer.parseInt(
- endpoint.getSessionCacheSize());
+ sessionCacheSize = Integer.parseInt(endpoint.getSessionCacheSize());
} else {
sessionCacheSize = defaultSessionCacheSize;
}
+ if (sessionCacheSize >= 0) {
+ sslSessionContext.setSessionCacheSize(sessionCacheSize);
+ }
int sessionTimeout;
if (endpoint.getSessionTimeout() != null) {
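Review bot: The new `if (sessionCacheSize >= 0)` guard treats every negative value, not only the documented `-1`, as "keep the JSSE default", and nothing in the code says so; the same holds for the `if (sessionTimeout >= 0)` guard in the following hunk. I would add a comment above each guard, for example `// Negative: leave the JSSE implementation default in place; 0 means unlimited and is not recommended.` An explicitly configured `0` still reaches `setSessionCacheSize(0)`, which removes the bound on cached sessions, so memory use can grow with the number of TLS handshakes. A warning log when `0` is configured would make that choice visible to operators. The body of configureSessionContext continues past this hunk.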
@@ -634,9 +636,9 @@ public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
} else {
sessionTimeout = defaultSessionTimeout;
}
-
- sslSessionContext.setSessionCacheSize(sessionCacheSize);
- sslSessionContext.setSessionTimeout(sessionTimeout);
+ if (sessionTimeout >= 0) {
+ sslSessionContext.setSessionTimeout(sessionTimeout);
+ }
}
/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7640b0b..95dee23 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -63,6 +63,10 @@
<subsection name="Coyote">
<changelog>
<fix>
+ <bug>63571</bug>: Use the implementation default for JSSE TLS session
+ cache size. (markt)
+ </fix>
+ <fix>
<bug>63578</bug>: Improve handling of invalid requests so that 400
responses are returned to the client rather than 500 responses. (markt)
</fix>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 63c80cc..c947d40 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1134,14 +1134,18 @@
</attribute>
<attribute name="sessionCacheSize" required="false">
- <p>The number of SSL sessions to maintain in the session cache. Use 0 to
- specify an unlimited cache size. If not specified, a default of 0 is
- used.</p>
+ <p>The number of SSL sessions to maintain in the session cache. Specify
+ <code>-1</code> to use the implementation default. Values of zero and
+ above are passed to the implementation. Zero is used to specify an
+ unlimited cache size and is not recommended. If not specified, a default
+ of <code>-1</code> is used.</p>
</attribute>
<attribute name="sessionTimeout" required="false">
<p>The time, in seconds, after the creation of an SSL session that it will
- timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ timeout. Specify <code>-1</code> to use the implementation default. Values
+ of zero and above are passed to the implementation. Zero is used to
+ specify an unlimited timeout and is not recommended. If not specified, a
default of 86400 (24 hours) is used.</p>
</attribute>