You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Maxim Egorov (Jira)" <ji...@apache.org> on 2021/02/08 14:46:00 UTC
[jira] [Comment Edited] (HTTPCLIENT-2134) HttpClient doesn't reuse
TLS 1.2 Session
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281116#comment-17281116 ]
Maxim Egorov edited comment on HTTPCLIENT-2134 at 2/8/21, 2:45 PM:
-------------------------------------------------------------------
Hello, Oleg
Thanks for reply. I am expecting reuse of old tls session. HttpURLConnection reuse old tls session, so i am expecting the same behavior from HttpClient under the same conditions (Client support extended master key extension, server doesn't) and can't disable support of extended master key extension for client. Because of creating new tls session throught full handshake is not cheap operation, so it would be nice if the fix solve this problem
was (Author: m_v_egorov):
Hello, Oleg
Thanks for reply. I am expecting reuse of old tls session. HttpURLConnection reuse old tls session, so i am expecting the same behavior from HttpClient under the same conditions (Client support extended master key extension, server doesn't). Because of creating new tls session throught full handshake is not cheap operation, so it would be nice if the fix solve this problem
> HttpClient doesn't reuse TLS 1.2 Session
> ----------------------------------------
>
> Key: HTTPCLIENT-2134
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2134
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13, 5.0.3
> Reporter: Maxim Egorov
> Priority: Major
> Attachments: TestApacheHttpClientApp.java, handshake.log
>
>
> To reproduce run on java 11+:
> java -cp ... -Djavax.net.debug=ssl:handshake TestApacheHttpClientApp
> As you can see from handshake.log file HttpClient always create new tls session.
> The root of problem is support of Extended Master Key Extension in [https://github.com/openjdk/jdk/blob/jdk-11+28/src/java.base/share/classes/sun/security/ssl/ClientHello.java#L497.] The standard jdk HttpURLConnection doesn't be affected this issues because of it sets chc.sslConfig.identificationProtocol equals to HTTPS by default [https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java#L560.] I tried to repeat the same trick (The commented code), but due to the bugs of JDK [https://bugs.openjdk.java.net/browse/JDK-8253368] and may be incorrect implementation of method org.apache.http.impl.BHttpConnectionBase.close it doesn't work.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org