This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 88af47f Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
88af47f is described below
commit 88af47f902725f61bf82103244c04c8adfb6add5
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jul 25 10:49:28 2019 +0100
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571
Allow users to specify infinite TLS session cache and/or timeout
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 3 ++-
java/org/apache/tomcat/util/net/SSLUtilBase.java | 7 +++++--
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/http.xml | 12 ++++++++----
4 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index bdb0c73..88bfbb2 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -96,7 +96,8 @@ public class SSLHostConfig implements Serializable {
private List<String> jsseCipherNames = null;
private boolean honorCipherOrder = false;
private Set<String> protocols = new HashSet<>();
- private int sessionCacheSize = 0;
+ // Values <0 mean use the implementation default
+ private int sessionCacheSize = -1;
private int sessionTimeout = 86400;
// JSSE
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
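Review bot: The new comment above `sessionCacheSize` documents the "<0 means implementation default" convention for that field only, yet `sessionTimeout` on the following line is now interpreted the same way by configureSessionContext while keeping its 86400 default, so a reader of this hunk cannot tell that both fields share the convention. I would extend the comment to cover both and state the 0 case, which is the behaviour this commit actually changes: `// sessionCacheSize / sessionTimeout: <0 leaves the implementation default, 0 is passed through and means unlimited (not recommended)`. The rest of the SSLHostConfig class, including the setters that feed these fields, lies outside the hunk.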
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index 7adbddd..bcbe390 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -257,10 +257,13 @@ public abstract class SSLUtilBase implements SSLUtil {
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
- if (sslHostConfig.getSessionCacheSize() > 0) {
+ // <0 - don't set anything - use the implementation default
+ if (sslHostConfig.getSessionCacheSize() >= 0) {
sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
}
- if (sslHostConfig.getSessionTimeout() > 0) {
+
+ // <0 - don't set anything - use the implementation default
+ if (sslHostConfig.getSessionTimeout() >= 0) {
sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
}
}
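Review bot: With the checks relaxed to `>= 0`, an explicit 0 for either setting is now handed to the JSSE session context, where a zero cache size means an unbounded cache and a zero timeout means sessions never expire, so server-side session state can grow without limit over repeated handshakes and nothing in this method makes that configuration visible at runtime. Since the http.xml text in this commit calls the zero values "not recommended", I would surface them here with a WARN-level log line guarded by `if (sslHostConfig.getSessionCacheSize() == 0)` and `if (sslHostConfig.getSessionTimeout() == 0)` (message key as a placeholder for the project's string resource), so operators running with an unbounded cache can see it. The method also deserves a short Javadoc stating the contract the two inline comments now imply: negative values leave the implementation default untouched, zero and above are passed through unchanged. configureSessionContext is complete within the hunk; the enclosing SSLUtilBase class continues outside it.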
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 69d70b5..5a0983e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -100,6 +100,10 @@
internal error that results in a 500 response. (markt)
</fix>
<fix>
+ <bug>63571</bug>: Allow users to configure infinite TLS session caches
+ and/or timeouts. (markt)
+ </fix>
+ <fix>
<bug>63578</bug>: Improve handling of invalid requests so that 400
responses are returned to the client rather than 500 responses. (markt)
</fix>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index b56e42d..bef3a44 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1314,14 +1314,18 @@
</attribute>
<attribute name="sessionCacheSize" required="false">
- <p>The number of SSL sessions to maintain in the session cache. Use 0 to
- specify an unlimited cache size. If not specified, a default of 0 is
- used.</p>
+ <p>The number of SSL sessions to maintain in the session cache. Specify
+ <code>-1</code> to use the implementation default. Values of zero and
+ above are passed to the implementation. Zero is used to specify an
+ unlimited cache size and is not recommended. If not specified, a default
+ of <code>-1</code> is used.</p>
</attribute>
<attribute name="sessionTimeout" required="false">
<p>The time, in seconds, after the creation of an SSL session that it
will
- timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ timeout. Specify <code>-1</code> to use the implementation default.
Values
+ of zero and above are passed to the implementation. Zero is used to
+ specify an unlimited timeout and is not recommended. If not specified, a
default of 86400 (24 hours) is used.</p>
</attribute>