8227551: Session Resumption without Server-Side State off by default
Reviewed-by: xuelei, jnimeh, jjiang
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/open.iml Wed Jul 17 12:31:21 2019 -0700
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+ <component name="NewModuleRootManager" inherit-compiler-output="true">
+ <exclude-output />
+ <content url="file://$MODULE_DIR$">
+ <sourceFolder url="file://$MODULE_DIR$/src/java.base/share/classes" isTestSource="false" />
+ </content>
+ <orderEntry type="sourceFolder" forTests="false" />
+ <orderEntry type="inheritedJdk" />
+ </component>
+</module>
\ No newline at end of file
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java Wed Jul 17 08:34:45 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java Wed Jul 17 12:31:21 2019 -0700
@@ -69,8 +69,8 @@
private int cacheLimit; // the max cache size
private int timeout; // timeout in seconds
- // Does this context support stateless session (RFC 5077)
- private boolean statelessSession = true;
+ // Default setting for stateless session resumption support (RFC 5077)
+ private boolean statelessSession = false;
// package private
SSLSessionContextImpl(boolean server) {
@@ -234,14 +234,13 @@
// Property for Session Cache state
if (server) {
st = GetPropertyAction.privilegedGetProperty(
- "jdk.tls.server.enableSessionTicketExtension", "true");
+ "jdk.tls.server.enableSessionTicketExtension", "false");
} else {
st = GetPropertyAction.privilegedGetProperty(
- "jdk.tls.client.enableSessionTicketExtension", "true");
+ "jdk.tls.client.enableSessionTicketExtension", "false");
}
- if (st.compareToIgnoreCase("false") == 0) {
- statelessSession = false;
- }
+
+ statelessSession = Boolean.parseBoolean(st);
// Property for Session Ticket Timeout. The value can be changed
// by SSLSessionContext.setSessionTimeout(int)