8210985: Update the default SSL session cache size to 20480

Summary: Change SSLSessionContext.getSessionCacheSize to return 20480 by default instead of 0.
Reviewed-by: jnimeh, mullan

3 files changed, 119 insertions, 25 deletions

diff --git a/src/share/classes/javax/net/ssl/SSLSessionContext.java b/src/share/classes/javax/net/ssl/SSLSessionContext.java
index b6f6fb6df4..6361f6bc56 100644
--- a/src/share/classes/javax/net/ssl/SSLSessionContext.java
+++ b/src/share/classes/javax/net/ssl/SSLSessionContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,10 +87,17 @@ public interface SSLSessionContext {
      * A check for sessions exceeding the timeout is made immediately whenever
      * the timeout limit is changed for this <code>SSLSessionContext</code>.
      *
+     * @apiNote Note that the JDK Implementation uses default values for both
+     *          the session cache size and timeout.  See
+     *          {@code getSessionCacheSize} and {@code getSessionTimeout} for
+     *          more information.  Applications should consider their
+     *          performance requirements and override the defaults if necessary.
+     *
      * @param seconds the new session timeout limit in seconds; zero means
-     *          there is no limit.
+     *        there is no limit.
+     *
+     * @throws IllegalArgumentException if the timeout specified is {@code < 0}.
      *
-     * @exception IllegalArgumentException if the timeout specified is {@code < 0}.
      * @see #getSessionTimeout
      */
     public void setSessionTimeout(int seconds)
@@ -109,33 +116,50 @@ public interface SSLSessionContext {
      * whenever the timeout limit is changed for this
      * <code>SSLSessionContext</code>.
      *
+     * @implNote The JDK implementation returns the session timeout as set by
+     *           the {@code setSessionTimeout} method, or if not set, a default
+     *           value of 86400 seconds (24 hours).
+     *
      * @return the session timeout limit in seconds; zero means there is no
-     * limit.
+     *         limit.
+     *
      * @see #setSessionTimeout
      */
     public int getSessionTimeout();
 
     /**
-     * Sets the size of the cache used for storing
-     * <code>SSLSession</code> objects grouped under this
-     * <code>SSLSessionContext</code>.
+     * Sets the size of the cache used for storing <code>SSLSession</code>
+     * objects grouped under this <code>SSLSessionContext</code>.
+     *
+     * @apiNote Note that the JDK Implementation uses default values for both
+     *          the session cache size and timeout.  See
+     *          {@code getSessionCacheSize} and {@code getSessionTimeout} for
+     *          more information.  Applications should consider their
+     *          performance requirements and override the defaults if necessary.
      *
      * @param size the new session cache size limit; zero means there is no
-     * limit.
-     * @exception IllegalArgumentException if the specified size is {@code < 0}.
+     *        limit.
+     *
+     * @throws IllegalArgumentException if the specified size is {@code < 0}.
+     *
      * @see #getSessionCacheSize
      */
     public void setSessionCacheSize(int size)
                  throws IllegalArgumentException;
 
     /**
-     * Returns the size of the cache used for storing
-     * <code>SSLSession</code> objects grouped under this
-     * <code>SSLSessionContext</code>.
+     * Returns the size of the cache used for storing <code>SSLSession</code>
+     * objects grouped under this <code>SSLSessionContext</code>.
+     *
+     * @implNote The JDK implementation returns the cache size as set by
+     *           the {@code setSessionCacheSize} method, or if not set, the
+     *           value of the {@systemProperty javax.net.ssl.sessionCacheSize}
+     *           system property.  If neither is set, it returns a default
+     *           value of 20480.
      *
      * @return size of the session cache; zero means there is no size limit.
+     *
      * @see #setSessionCacheSize
      */
     public int getSessionCacheSize();
-
 }
diff --git a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java
index 51fac9bc6e..d728821717 100644
--- a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java
+++ b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,10 +33,13 @@ import java.util.Locale;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 
+import sun.security.action.GetIntegerAction;
 import sun.security.util.Cache;
 
 
 final class SSLSessionContextImpl implements SSLSessionContext {
+    private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
+
     private Cache<SessionId, SSLSessionImpl> sessionCache;
                                         // session cache, session id as key
     private Cache<String, SSLSessionImpl> sessionHostPortCache;
@@ -197,21 +200,19 @@ final class SSLSessionContextImpl implements SSLSessionContext {
     }
 
     private int getDefaultCacheLimit() {
-        int cacheLimit = 0;
         try {
-        String s = java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<String>() {
-                @Override
-                public String run() {
-                    return System.getProperty(
-                        "javax.net.ssl.sessionCacheSize");
-                }
-            });
-            cacheLimit = (s != null) ? Integer.valueOf(s).intValue() : 0;
+            int defaultCacheLimit =
+                java.security.AccessController.doPrivileged(
+                    new GetIntegerAction("javax.net.ssl.sessionCacheSize",
+                                         DEFAULT_MAX_CACHE_SIZE)).intValue();
+
+            if (defaultCacheLimit >= 0) {
+                return defaultCacheLimit;
+            }
         } catch (Exception e) {
         }
 
-        return (cacheLimit > 0) ? cacheLimit : 0;
+        return DEFAULT_MAX_CACHE_SIZE;
     }
 
     boolean isTimedout(SSLSession sess) {
diff --git a/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java b/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java
new file mode 100644
index 0000000000..184db8f930
--- /dev/null
+++ b/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8210985
+ * @summary Update the default SSL session cache size to 20480
+ * @run main/othervm DefautlCacheSize
+ */
+
+// The SunJSSE provider cannot use System Properties in samevm/agentvm mode.
+// Please run JSSE test in othervm mode.
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+
+public class DefautlCacheSize {
+
+    public static void main(String[] args) throws Exception {
+        SSLServerSocketFactory sssf =
+                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+
+        try (SSLServerSocket serverSocket =
+                    (SSLServerSocket)sssf.createServerSocket()) {
+
+            String[] protocols = serverSocket.getSupportedProtocols();
+            for (int i = 0; i < protocols.length; i++) {
+                if (protocols[i].equals("SSLv2Hello")) {
+                    continue;
+                }
+                SSLContext sslContext = SSLContext.getInstance(protocols[i]);
+                SSLSessionContext sessionContext =
+                        sslContext.getServerSessionContext();
+                if (sessionContext.getSessionCacheSize() == 0) {
+                    throw new Exception(
+                        "the default server session cache size is infinite");
+                }
+
+                sessionContext = sslContext.getClientSessionContext();
+                if (sessionContext.getSessionCacheSize() == 0) {
+                    throw new Exception(
+                        "the default client session cache size is infinite");
+                }
+            }
+        }
+    }
+}