This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new f6ecb33 TLS session cache and timeout config now works with JSSE and
OpenSSL
f6ecb33 is described below
commit f6ecb33fe8c79e14f3d08143e77b518ce9500b64
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Feb 28 21:36:13 2019 +0000
TLS session cache and timeout config now works with JSSE and OpenSSL
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 46 +++++++++++-----------
webapps/docs/changelog.xml | 6 +++
webapps/docs/config/http.xml | 2 -
3 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 4bd539b..716ea1b 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -96,11 +96,11 @@ public class SSLHostConfig implements Serializable {
private List<String> jsseCipherNames = null;
private boolean honorCipherOrder = false;
private Set<String> protocols = new HashSet<>();
+ private int sessionCacheSize = 0;
+ private int sessionTimeout = 86400;
// JSSE
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
private boolean revocationEnabled = false;
- private int sessionCacheSize = 0;
- private int sessionTimeout = 86400;
private String sslProtocol = Constants.SSL_PROTO_TLS;
private String trustManagerClassName;
private String truststoreAlgorithm =
TrustManagerFactory.getDefaultAlgorithm();
@@ -485,6 +485,26 @@ public class SSLHostConfig implements Serializable {
}
+ public void setSessionCacheSize(int sessionCacheSize) {
+ this.sessionCacheSize = sessionCacheSize;
+ }
+
+
+ public int getSessionCacheSize() {
+ return sessionCacheSize;
+ }
+
+
+ public void setSessionTimeout(int sessionTimeout) {
+ this.sessionTimeout = sessionTimeout;
+ }
+
+
+ public int getSessionTimeout() {
+ return sessionTimeout;
+ }
+
+
// ---------------------------------- JSSE specific configuration
properties
// TODO: These certificate setters can be removed once it is no longer
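Review bot: `setSessionCacheSize` and `setSessionTimeout` now store any `int` for both JSSE and OpenSSL with no range check, so a negative value from configuration is only noticed, if at all, when the TLS implementation consumes it. JSSE's `SSLSessionContext` rejects negatives with `IllegalArgumentException`, while how the OpenSSL side reads and treats these values is not visible in this diff. Consider rejecting negatives in the setters, e.g. `if (sessionTimeout < 0) { throw new IllegalArgumentException("sessionTimeout must be >= 0"); }` (message constructed here, not from the project's string resources), so a misconfiguration fails at configuration time on both paths. The accessors also deserve Javadoc repeating what http.xml states, such as `/** Maximum number of TLS sessions to cache; 0 (the default) means unlimited. */` and `/** Session lifetime in seconds; 0 means no timeout, default 86400. */`, because an unbounded cache and day-long resumable sessions are a memory and key-exposure trade-off operators should choose deliberately. The enclosing class starts and ends outside the hunk.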
@@ -562,28 +582,6 @@ public class SSLHostConfig implements Serializable {
}
- public void setSessionCacheSize(int sessionCacheSize) {
- setProperty("sessionCacheSize", Type.JSSE);
- this.sessionCacheSize = sessionCacheSize;
- }
-
-
- public int getSessionCacheSize() {
- return sessionCacheSize;
- }
-
-
- public void setSessionTimeout(int sessionTimeout) {
- setProperty("sessionTimeout", Type.JSSE);
- this.sessionTimeout = sessionTimeout;
- }
-
-
- public int getSessionTimeout() {
- return sessionTimeout;
- }
-
-
public void setSslProtocol(String sslProtocol) {
setProperty("sslProtocol", Type.JSSE);
this.sslProtocol = sslProtocol;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2dacdc1..1f52fbb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -83,6 +83,12 @@
style configuration - including JKS keystores - to be used with the
APR/Native connector. (markt)
</fix>
+ <add>
+ With the TLS configuration refactoring, the configuration attributes
+ <code>sessionCacheSize</code> and <code>sessionTimeout</code> are no
+ longer limited to JSSE implementations. They may now be used with
+ OpenSSL implementations as well. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="WebSocket">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 782c1dd..f3e3f7a 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1318,14 +1318,12 @@
</attribute>
<attribute name="sessionCacheSize" required="false">
- <p>JSSE only.</p>
<p>The number of SSL sessions to maintain in the session cache. Use 0 to
specify an unlimited cache size. If not specified, a default of 0 is
used.</p>
</attribute>
<attribute name="sessionTimeout" required="false">
- <p>JSSE only.</p>
<p>The time, in seconds, after the creation of an SSL session that it
will
timeout. Use 0 to specify an unlimited timeout. If not specified, a
default of 86400 (24 hours) is used.</p>