8210985: Update the default SSL session cache size to 20480
Reviewed-by: jnimeh, mullan
--- a/src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java Thu Nov 29 09:19:16 2018 -0500
+++ b/src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java Thu Nov 29 08:43:12 2018 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -87,10 +87,17 @@
* A check for sessions exceeding the timeout is made immediately whenever
* the timeout limit is changed for this <code>SSLSessionContext</code>.
*
+ * @apiNote Note that the JDK Implementation uses default values for both
+ * the session cache size and timeout. See
+ * {@code getSessionCacheSize} and {@code getSessionTimeout} for
+ * more information. Applications should consider their
+ * performance requirements and override the defaults if necessary.
+ *
* @param seconds the new session timeout limit in seconds; zero means
- * there is no limit.
+ * there is no limit.
*
- * @exception IllegalArgumentException if the timeout specified is {@code < 0}.
+ * @throws IllegalArgumentException if the timeout specified is {@code < 0}.
+ *
* @see #getSessionTimeout
*/
public void setSessionTimeout(int seconds)
@@ -109,33 +116,50 @@
* whenever the timeout limit is changed for this
* <code>SSLSessionContext</code>.
*
+ * @implNote The JDK implementation returns the session timeout as set by
+ * the {@code setSessionTimeout} method, or if not set, a default
+ * value of 86400 seconds (24 hours).
+ *
* @return the session timeout limit in seconds; zero means there is no
- * limit.
+ * limit.
+ *
* @see #setSessionTimeout
*/
public int getSessionTimeout();
/**
- * Sets the size of the cache used for storing
- * <code>SSLSession</code> objects grouped under this
- * <code>SSLSessionContext</code>.
+ * Sets the size of the cache used for storing <code>SSLSession</code>
+ * objects grouped under this <code>SSLSessionContext</code>.
+ *
+ * @apiNote Note that the JDK Implementation uses default values for both
+ * the session cache size and timeout. See
+ * {@code getSessionCacheSize} and {@code getSessionTimeout} for
+ * more information. Applications should consider their
+ * performance requirements and override the defaults if necessary.
*
* @param size the new session cache size limit; zero means there is no
- * limit.
- * @exception IllegalArgumentException if the specified size is {@code < 0}.
+ * limit.
+ *
+ * @throws IllegalArgumentException if the specified size is {@code < 0}.
+ *
* @see #getSessionCacheSize
*/
public void setSessionCacheSize(int size)
throws IllegalArgumentException;
/**
- * Returns the size of the cache used for storing
- * <code>SSLSession</code> objects grouped under this
- * <code>SSLSessionContext</code>.
+ * Returns the size of the cache used for storing <code>SSLSession</code>
+ * objects grouped under this <code>SSLSessionContext</code>.
+ *
+ * @implNote The JDK implementation returns the cache size as set by
+ * the {@code setSessionCacheSize} method, or if not set, the
+ * value of the {@systemProperty javax.net.ssl.sessionCacheSize}
+ * system property. If neither is set, it returns a default
+ * value of 20480.
*
* @return size of the session cache; zero means there is no size limit.
+ *
* @see #setSessionCacheSize
*/
public int getSessionCacheSize();
-
}
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java Thu Nov 29 09:19:16 2018 -0500
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java Thu Nov 29 08:43:12 2018 -0800
@@ -32,11 +32,13 @@
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
-import sun.security.action.GetPropertyAction;
+import sun.security.action.GetIntegerAction;
import sun.security.util.Cache;
final class SSLSessionContextImpl implements SSLSessionContext {
+ private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
+
private final Cache<SessionId, SSLSessionImpl> sessionCache;
// session cache, session id as key
private final Cache<String, SSLSessionImpl> sessionHostPortCache;
@@ -196,16 +198,29 @@
}
private static int getDefaultCacheLimit() {
- int defaultCacheLimit = 0;
try {
- String s = GetPropertyAction
- .privilegedGetProperty("javax.net.ssl.sessionCacheSize");
- defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
+ int defaultCacheLimit = GetIntegerAction.privilegedGetProperty(
+ "javax.net.ssl.sessionCacheSize", DEFAULT_MAX_CACHE_SIZE);
+
+ if (defaultCacheLimit >= 0) {
+ return defaultCacheLimit;
+ } else if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+ SSLLogger.warning(
+ "invalid System Property javax.net.ssl.sessionCacheSize, " +
+ "use the default session cache size (" +
+ DEFAULT_MAX_CACHE_SIZE + ") instead");
+ }
} catch (Exception e) {
- // swallow the exception
+ // unlikely, log it for safe
+ if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+ SSLLogger.warning(
+ "the System Property javax.net.ssl.sessionCacheSize is " +
+ "not available, use the default value (" +
+ DEFAULT_MAX_CACHE_SIZE + ") instead");
+ }
}
- return (defaultCacheLimit > 0) ? defaultCacheLimit : 0;
+ return DEFAULT_MAX_CACHE_SIZE;
}
private boolean isTimedout(SSLSession sess) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java Thu Nov 29 08:43:12 2018 -0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8210985
+ * @summary Update the default SSL session cache size to 20480
+ * @run main/othervm DefautlCacheSize
+ */
+
+// The SunJSSE provider cannot use System Properties in samevm/agentvm mode.
+// Please run JSSE test in othervm mode.
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+
+public class DefautlCacheSize {
+
+ public static void main(String[] args) throws Exception {
+ SSLServerSocketFactory sssf =
+ (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+
+ try (SSLServerSocket serverSocket =
+ (SSLServerSocket)sssf.createServerSocket()) {
+
+ String[] protocols = serverSocket.getSupportedProtocols();
+ for (int i = 0; i < protocols.length; i++) {
+ if (protocols[i].equals("SSLv2Hello")) {
+ continue;
+ }
+ SSLContext sslContext = SSLContext.getInstance(protocols[i]);
+ SSLSessionContext sessionContext =
+ sslContext.getServerSessionContext();
+ if (sessionContext.getSessionCacheSize() == 0) {
+ throw new Exception(
+ "the default server session cache size is infinite");
+ }
+
+ sessionContext = sslContext.getClientSessionContext();
+ if (sessionContext.getSessionCacheSize() == 0) {
+ throw new Exception(
+ "the default client session cache size is infinite");
+ }
+ }
+ }
+ }
+}