author | xuelei <unknown> | 2019-05-29 20:27:37 +0000 |
---|---|---|
committer | bell-sw <liberica@bell-sw.com> | 2019-07-22 19:22:30 +0300 |
commit | 360183c8a2a584e90238f032ebcd40f14572a0d1 (patch) | |
tree | 341e94399c934148b8bcfbf4bad4e13a4ef40667 | |
parent | 8fb827e43da007865897f38e7f3a6ceb15f109e8 (diff) | |
8210985: Update the default SSL session cache size to 20480
Summary: Change SSLSessionContext.getSessionCacheSize to return 20480 by default instead of 0.
Reviewed-by: jnimeh, mullan
3 files changed, 119 insertions, 25 deletions
diff --git a/src/share/classes/javax/net/ssl/SSLSessionContext.java b/src/share/classes/javax/net/ssl/SSLSessionContext.java index b6f6fb6df4..6361f6bc56 100644 --- a/src/share/classes/javax/net/ssl/SSLSessionContext.java +++ b/src/share/classes/javax/net/ssl/SSLSessionContext.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -87,10 +87,17 @@ public interface SSLSessionContext { * A check for sessions exceeding the timeout is made immediately whenever * the timeout limit is changed for this <code>SSLSessionContext</code>. * + * @apiNote Note that the JDK Implementation uses default values for both + * the session cache size and timeout. See + * {@code getSessionCacheSize} and {@code getSessionTimeout} for + * more information. Applications should consider their + * performance requirements and override the defaults if necessary. + * * @param seconds the new session timeout limit in seconds; zero means - * there is no limit. + * there is no limit. + * + * @throws IllegalArgumentException if the timeout specified is {@code < 0}. * - * @exception IllegalArgumentException if the timeout specified is {@code < 0}. * @see #getSessionTimeout */ public void setSessionTimeout(int seconds) 
@@ -109,33 +116,50 @@ public interface SSLSessionContext { * whenever the timeout limit is changed for this * <code>SSLSessionContext</code>. * + * @implNote The JDK implementation returns the session timeout as set by + * the {@code setSessionTimeout} method, or if not set, a default + * value of 86400 seconds (24 hours). + * * @return the session timeout limit in seconds; zero means there is no - * limit. + * limit. + * * @see #setSessionTimeout */ public int getSessionTimeout(); /** - * Sets the size of the cache used for storing - * <code>SSLSession</code> objects grouped under this - * <code>SSLSessionContext</code>. + * Sets the size of the cache used for storing <code>SSLSession</code> + * objects grouped under this <code>SSLSessionContext</code>. + * + * @apiNote Note that the JDK Implementation uses default values for both + * the session cache size and timeout. See + * {@code getSessionCacheSize} and {@code getSessionTimeout} for + * more information. Applications should consider their + * performance requirements and override the defaults if necessary. * * @param size the new session cache size limit; zero means there is no - * limit. - * @exception IllegalArgumentException if the specified size is {@code < 0}. + * limit. + * + * @throws IllegalArgumentException if the specified size is {@code < 0}. + * * @see #getSessionCacheSize */ public void setSessionCacheSize(int size) throws IllegalArgumentException; /** - * Returns the size of the cache used for storing - * <code>SSLSession</code> objects grouped under this - * <code>SSLSessionContext</code>. + * Returns the size of the cache used for storing <code>SSLSession</code> + * objects grouped under this <code>SSLSessionContext</code>. + * + * @implNote The JDK implementation returns the cache size as set by + * the {@code setSessionCacheSize} method, or if not set, the + * value of the {@systemProperty javax.net.ssl.sessionCacheSize} + * system property. 
If neither is set, it returns a default + * value of 20480. * * @return size of the session cache; zero means there is no size limit. + * * @see #setSessionCacheSize */ public int getSessionCacheSize(); - } diff --git a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java index 51fac9bc6e..d728821717 100644 --- a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java +++ b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,10 +33,13 @@ import java.util.Locale; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSessionContext; +import sun.security.action.GetIntegerAction; import sun.security.util.Cache; final class SSLSessionContextImpl implements SSLSessionContext { + private final static int DEFAULT_MAX_CACHE_SIZE = 20480; + private Cache<SessionId, SSLSessionImpl> sessionCache; // session cache, session id as key private Cache<String, SSLSessionImpl> sessionHostPortCache; 
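Review bot: The `{@systemProperty javax.net.ssl.sessionCacheSize}` inline tag in the new `@implNote` on `getSessionCacheSize` was, as far as I know, only added to javadoc in JDK 12, so in this 8u tree it may be reported as an unknown tag or rendered literally; `{@code javax.net.ssl.sessionCacheSize}` is the safe spelling here. The note also leaves out how the implementation in this same commit treats the property value: 0 keeps the cache unbounded and a negative value falls back to 20480. A sentence such as `A property value of 0 means no limit; a negative value is ignored and the default of 20480 is used.` would tell operators that setting zero removes the bound on cached sessions.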
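Review bot: `DEFAULT_MAX_CACHE_SIZE` is declared `private final static int`; the conventional modifier order is `private static final int DEFAULT_MAX_CACHE_SIZE = 20480;`. The constant also has no comment, so a reader of this class has to go to the interface Javadoc to learn what it bounds. Something like `// default cap on cached sessions when javax.net.ssl.sessionCacheSize is unset or negative` above it would be enough.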
@@ -197,21 +200,19 @@ final class SSLSessionContextImpl implements SSLSessionContext { } private int getDefaultCacheLimit() { - int cacheLimit = 0; try { - String s = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction<String>() { - @Override - public String run() { - return System.getProperty( - "javax.net.ssl.sessionCacheSize"); - } - }); - cacheLimit = (s != null) ? Integer.valueOf(s).intValue() : 0; + int defaultCacheLimit = + java.security.AccessController.doPrivileged( + new GetIntegerAction("javax.net.ssl.sessionCacheSize", + DEFAULT_MAX_CACHE_SIZE)).intValue(); + + if (defaultCacheLimit >= 0) { + return defaultCacheLimit; + } } catch (Exception e) { } - return (cacheLimit > 0) ? cacheLimit : 0; + return DEFAULT_MAX_CACHE_SIZE; } boolean isTimedout(SSLSession sess) { diff --git a/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java b/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java new file mode 100644 index 0000000000..184db8f930 --- /dev/null +++ b/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java 
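Review bot: The empty `catch (Exception e) { }` in `getDefaultCacheLimit` means that any failure reading `javax.net.ssl.sessionCacheSize`, like any negative value, silently becomes 20480 with nothing to tell the operator that the configured value was not used. At minimum put a comment in the catch body, e.g. `// property unreadable; fall back to DEFAULT_MAX_CACHE_SIZE`, and consider catching only what the privileged read is expected to throw (presumably `SecurityException`; confirm against `GetIntegerAction`). The `defaultCacheLimit >= 0` test also still accepts 0, so a deployment that sets the property to 0 keeps an unbounded session cache. That matches the interface contract, but a short comment saying it is deliberate would stop a later reader from assuming the cache is always bounded.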
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8210985 + * @summary Update the default SSL session cache size to 20480 + * @run main/othervm DefautlCacheSize + */ + +// The SunJSSE provider cannot use System Properties in samevm/agentvm mode. +// Please run JSSE test in othervm mode. 
+ +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSessionContext; + +public class DefautlCacheSize { + + public static void main(String[] args) throws Exception { + SSLServerSocketFactory sssf = + (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); + + try (SSLServerSocket serverSocket = + (SSLServerSocket)sssf.createServerSocket()) { + + String[] protocols = serverSocket.getSupportedProtocols(); + for (int i = 0; i < protocols.length; i++) { + if (protocols[i].equals("SSLv2Hello")) { + continue; + } + SSLContext sslContext = SSLContext.getInstance(protocols[i]); + SSLSessionContext sessionContext = + sslContext.getServerSessionContext(); + if (sessionContext.getSessionCacheSize() == 0) { + throw new Exception( + "the default server session cache size is infinite"); + } + + sessionContext = sslContext.getClientSessionContext(); + if (sessionContext.getSessionCacheSize() == 0) { + throw new Exception( + "the default client session cache size is infinite"); + } + } + } + } +} |
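Review bot: Both checks in `main` only reject `getSessionCacheSize() == 0`, so the test would still pass if the default were any other value. Nothing in it covers the `javax.net.ssl.sessionCacheSize` override or the negative-value fallback added in `getDefaultCacheLimit`. Since the commit fixes the default at 20480, compare against it directly, e.g. `if (sessionContext.getSessionCacheSize() != 20480)`, and include the observed value in the exception message. The file and class name `DefautlCacheSize` look like a typo for `DefaultCacheSize`; renaming would need the `@run` line changed as well.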