[jira] [Commented] (HTTPCLIENT-2134) HttpClient doesn't reuse TLS 1.2 Session

Mon, 08 Feb 2021 09:18:25 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281222#comment-17281222
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-2134:
-----------------------------------------------

> It' seems it's the root cause of the problem. It seems that HttpClient must 
> interact more closely with JSSE to process this case

[~m_v_egorov] Why? Why should HttpClient be doing it? Is there a statement or a 
requirement in the HTTP spec to that effect?
If one has a specific system requirement one can always implement a custom SSL 
connection socket factory, like the one you have commented out in your test app.

If you want us to make any changes to HttpClient code or its default behavor 
please raise a PR at GitHub with the proposed changes.

Oleg 

> HttpClient doesn't reuse TLS 1.2 Session
> ----------------------------------------
>
>                 Key: HTTPCLIENT-2134
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2134
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.13, 5.0.3
>            Reporter: Maxim Egorov
>            Priority: Major
>         Attachments: TestApacheHttpClientApp.java, handshake.log
>
>
> To reproduce run on java 11+:
> java -cp ... -Djavax.net.debug=ssl:handshake TestApacheHttpClientApp
> As you can see from handshake.log file HttpClient always create new tls 
> session.
> The root of problem is support of Extended Master Key Extension in 
> [https://github.com/openjdk/jdk/blob/jdk-11+28/src/java.base/share/classes/sun/security/ssl/ClientHello.java#L497.]
>  The standard jdk HttpURLConnection doesn't be affected this issues because 
> of it sets chc.sslConfig.identificationProtocol equals to HTTPS by default 
> [https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java#L560.]
>  I tried to repeat the same trick (The commented code), but due to the bugs 
> of JDK [https://bugs.openjdk.java.net/browse/JDK-8253368] and may be 
> incorrect implementation of method 
> org.apache.http.impl.BHttpConnectionBase.close it doesn't work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to