[jira] [Commented] (HTTPCLIENT-2134) HttpClient doesn't reuse TLS 1.2 Session

Mon, 12 Apr 2021 05:18:43 -0700 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319414#comment-17319414
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-2134:
-----------------------------------------------

>  Perhaps some sort of "EndpointIdentificationPolicy" could be considered to 
> make this simpler

[~peter.dettman] In all honesty I simply lack the necessary TLS expertise to do 
the right things here. I would really appreciate if an external contributor 
came forth and proposed a patch. This is what I basically said to the original 
reporter.

Oleg 

> HttpClient doesn't reuse TLS 1.2 Session
> ----------------------------------------
>
>                 Key: HTTPCLIENT-2134
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2134
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.13, 5.0.3
>            Reporter: Maxim Egorov
>            Priority: Minor
>              Labels: volunteers-wanted
>         Attachments: TestApacheHttpClientApp.java, handshake.log
>
>
> To reproduce run on java 11+:
> java -cp ... -Djavax.net.debug=ssl:handshake TestApacheHttpClientApp
> As you can see from handshake.log file HttpClient always create new tls 
> session.
> The root of problem is support of Extended Master Key Extension in 
> [https://github.com/openjdk/jdk/blob/jdk-11+28/src/java.base/share/classes/sun/security/ssl/ClientHello.java#L497.]
>  The standard jdk HttpURLConnection doesn't be affected this issues because 
> of it sets chc.sslConfig.identificationProtocol equals to HTTPS by default 
> [https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java#L560.]
>  I tried to repeat the same trick (The commented code), but due to the bugs 
> of JDK [https://bugs.openjdk.java.net/browse/JDK-8253368] and may be 
> incorrect implementation of method 
> org.apache.http.impl.BHttpConnectionBase.close it doesn't work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to