1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8210985: Update the default SSL session cache size to 20480

Browse Source 
Reviewed-by: jnimeh, mullan
This commit is contained in:
Xue-Lei Andrew Fan 2018-11-29 08:43:12 -08:00
parent c03797a5d0
commit 388e1ebbba
3 changed files with 129 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -87,10 +87,17 @@ public interface SSLSessionContext {
* A check for sessions exceeding the timeout is made immediately whenever
* the timeout limit is changed for this <code>SSLSessionContext</code>.
*
* @param seconds the new session timeout limit in seconds; zero means
* there is no limit.
* @apiNote Note that the JDK Implementation uses default values for both
* the session cache size and timeout. See
* {@code getSessionCacheSize} and {@code getSessionTimeout} for
* more information. Applications should consider their
* performance requirements and override the defaults if necessary.
*
* @param seconds the new session timeout limit in seconds; zero means
* there is no limit.
*
* @throws IllegalArgumentException if the timeout specified is {@code < 0}.
*
* @exception IllegalArgumentException if the timeout specified is {@code < 0}.
* @see #getSessionTimeout
*/
public void setSessionTimeout(int seconds)
@ -109,33 +116,50 @@ public interface SSLSessionContext {
* whenever the timeout limit is changed for this
* <code>SSLSessionContext</code>.
*
* @implNote The JDK implementation returns the session timeout as set by
* the {@code setSessionTimeout} method, or if not set, a default
* value of 86400 seconds (24 hours).
*
* @return the session timeout limit in seconds; zero means there is no
* limit.
* limit.
*
* @see #setSessionTimeout
*/
public int getSessionTimeout();
/**
* Sets the size of the cache used for storing
* <code>SSLSession</code> objects grouped under this
* <code>SSLSessionContext</code>.
* Sets the size of the cache used for storing <code>SSLSession</code>
* objects grouped under this <code>SSLSessionContext</code>.
*
* @apiNote Note that the JDK Implementation uses default values for both
* the session cache size and timeout. See
* {@code getSessionCacheSize} and {@code getSessionTimeout} for
* more information. Applications should consider their
* performance requirements and override the defaults if necessary.
*
* @param size the new session cache size limit; zero means there is no
* limit.
* @exception IllegalArgumentException if the specified size is {@code < 0}.
* limit.
*
* @throws IllegalArgumentException if the specified size is {@code < 0}.
*
* @see #getSessionCacheSize
*/
public void setSessionCacheSize(int size)
throws IllegalArgumentException;
/**
* Returns the size of the cache used for storing
* <code>SSLSession</code> objects grouped under this
* <code>SSLSessionContext</code>.
* Returns the size of the cache used for storing <code>SSLSession</code>
* objects grouped under this <code>SSLSessionContext</code>.
*
* @implNote The JDK implementation returns the cache size as set by
* the {@code setSessionCacheSize} method, or if not set, the
* value of the {@systemProperty javax.net.ssl.sessionCacheSize}
* system property. If neither is set, it returns a default
* value of 20480.
*
* @return size of the session cache; zero means there is no size limit.
*
* @see #setSessionCacheSize
*/
public int getSessionCacheSize();
}

29
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View File

@ -32,11 +32,13 @@ import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import sun.security.action.GetPropertyAction;
import sun.security.action.GetIntegerAction;
import sun.security.util.Cache;
final class SSLSessionContextImpl implements SSLSessionContext {
private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
private final Cache<SessionId, SSLSessionImpl> sessionCache;
// session cache, session id as key
private final Cache<String, SSLSessionImpl> sessionHostPortCache;
@ -196,16 +198,29 @@ final class SSLSessionContextImpl implements SSLSessionContext {
}
private static int getDefaultCacheLimit() {
int defaultCacheLimit = 0;
try {
String s = GetPropertyAction
.privilegedGetProperty("javax.net.ssl.sessionCacheSize");
defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
int defaultCacheLimit = GetIntegerAction.privilegedGetProperty(
"javax.net.ssl.sessionCacheSize", DEFAULT_MAX_CACHE_SIZE);
if (defaultCacheLimit >= 0) {
return defaultCacheLimit;
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"invalid System Property javax.net.ssl.sessionCacheSize, " +
"use the default session cache size (" +
DEFAULT_MAX_CACHE_SIZE + ") instead");
}
} catch (Exception e) {
// swallow the exception
// unlikely, log it for safe
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"the System Property javax.net.ssl.sessionCacheSize is " +
"not available, use the default value (" +
DEFAULT_MAX_CACHE_SIZE + ") instead");
}
}
return (defaultCacheLimit > 0) ? defaultCacheLimit : 0;
return DEFAULT_MAX_CACHE_SIZE;
}
private boolean isTimedout(SSLSession sess) {

69
test/jdk/sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java Normal file
View File

@ -0,0 +1,69 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8210985
* @summary Update the default SSL session cache size to 20480
* @run main/othervm DefautlCacheSize
*/
// The SunJSSE provider cannot use System Properties in samevm/agentvm mode.
// Please run JSSE test in othervm mode.
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
public class DefautlCacheSize {
public static void main(String[] args) throws Exception {
SSLServerSocketFactory sssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
try (SSLServerSocket serverSocket =
(SSLServerSocket)sssf.createServerSocket()) {
String[] protocols = serverSocket.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslContext = SSLContext.getInstance(protocols[i]);
SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default server session cache size is infinite");
}
sessionContext = sslContext.getClientSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default client session cache size is infinite");
}
}
}
}
}