Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/25 10:09:56 UTC

[tomcat] branch 7.0.x updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new d2b6b5b  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
d2b6b5b is described below

commit d2b6b5b7d11bf85421ee2b25a47692f24c9b6aef
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jul 25 11:09:42 2019 +0100

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
    
    Use the JSSE default TLS session cache size unless explicitly configured
    otherwise.
---
 .../org/apache/tomcat/util/net/jsse/JSSESocketFactory.java | 14 ++++++++------
 webapps/docs/changelog.xml                                 |  4 ++++
 webapps/docs/config/http.xml                               | 12 ++++++++----
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
index f987276..8980b71 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -94,7 +94,7 @@ public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
     private static final String defaultKeystoreType = "JKS";
     private static final String defaultKeystoreFile
         = System.getProperty("user.home") + "/.keystore";
-    private static final int defaultSessionCacheSize = 0;
+    private static final int defaultSessionCacheSize = -1;
     private static final int defaultSessionTimeout = 86400;
     private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL";
     public static final String DEFAULT_KEY_PASS = "changeit";
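Review bot: The new `-1` on `defaultSessionCacheSize` is a sentinel rather than a cache size, and nothing at the declaration says so; its meaning only becomes visible in `configureSessionContext`, several hundred lines further down. A one-line comment above the constant, such as `// -1: do not call setSessionCacheSize(); keep the JSSE implementation default`, would stop a later reader from treating it as a value handed to the session context. The neighbouring `defaultSessionTimeout` keeps a real value (86400), so the two defaults now follow different conventions, which the comment could also mention.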
@@ -622,11 +622,13 @@ public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
     public void configureSessionContext(SSLSessionContext sslSessionContext) {
         int sessionCacheSize;
         if (endpoint.getSessionCacheSize() != null) {
-            sessionCacheSize = Integer.parseInt(
-                    endpoint.getSessionCacheSize());
+            sessionCacheSize = Integer.parseInt(endpoint.getSessionCacheSize());
         } else {
             sessionCacheSize = defaultSessionCacheSize;
         }
+        if (sessionCacheSize >= 0) {
+            sslSessionContext.setSessionCacheSize(sessionCacheSize);
+        }
 
         int sessionTimeout;
         if (endpoint.getSessionTimeout() != null) {
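Review bot: An explicitly configured `sessionCacheSize` of `0` still passes the new `if (sessionCacheSize >= 0)` guard and reaches `setSessionCacheSize(0)`, which the http.xml text updated in this same commit describes as an unlimited cache and "not recommended". Entries in a server-side TLS session cache are created by client handshakes, so an unlimited cache lets memory use grow with remote activity, and nothing here tells the operator that this setting is in effect. Consider logging a warning for that case, e.g. `if (sessionCacheSize == 0) { log.warn("sessionCacheSize=0 removes the TLS session cache limit"); }` (this assumes the class has its usual logger in scope; the message text is a placeholder). The same applies to the `if (sessionTimeout >= 0)` guard in the next hunk, where the docs say `0` means an unlimited timeout. `configureSessionContext` continues past the end of this hunk.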
@@ -634,9 +636,9 @@ public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
         } else {
             sessionTimeout = defaultSessionTimeout;
         }
-
-        sslSessionContext.setSessionCacheSize(sessionCacheSize);
-        sslSessionContext.setSessionTimeout(sessionTimeout);
+        if (sessionTimeout >= 0) {
+            sslSessionContext.setSessionTimeout(sessionTimeout);
+        }
     }
 
     /**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7640b0b..95dee23 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -63,6 +63,10 @@
   <subsection name="Coyote">
     <changelog>
       <fix>
+        <bug>63571</bug>: Use the implementation default for JSSE TLS session
+        cache size. (markt)
+      </fix>
+      <fix>
         <bug>63578</bug>: Improve handling of invalid requests so that 400
         responses are returned to the client rather than 500 responses. (markt)
       </fix>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 63c80cc..c947d40 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1134,14 +1134,18 @@
     </attribute>
 
     <attribute name="sessionCacheSize" required="false">
-      <p>The number of SSL sessions to maintain in the session cache. Use 0 to
-      specify an unlimited cache size. If not specified, a default of 0 is
-      used.</p>
+      <p>The number of SSL sessions to maintain in the session cache. Specify
+      <code>-1</code> to use the implementation default. Values of zero and
+      above are passed to the implementation. Zero is used to specify an
+      unlimited cache size and is not recommended. If not specified, a default
+      of <code>-1</code> is used.</p>
     </attribute>
 
     <attribute name="sessionTimeout" required="false">
       <p>The time, in seconds, after the creation of an SSL session that it will
-      timeout. Use 0 to specify an unlimited timeout. If not specified, a
+      timeout. Specify <code>-1</code> to use the implementation default. Values
+      of zero and above are passed to the implementation. Zero is used to
+      specify an unlimited timeout and is not recommended. If not specified, a
       default of 86400 (24 hours) is used.</p>
     </attribute>
 

