I found one problem here that I can't seem to figure out how to fix. This: ((SSLSocket) conn.getSocket()).getSession().invalidate(); won't work for me because the getSocket() call on the HttpConnection conn is a protected method. I'm not within scope. What are my options? Thanks Jeremy Hicks Novell, Inc., the leading provider of information solutions http://www.novell.com
>>> Ortwin Glück <[EMAIL PROTECTED]> 7/7/2006 2:33 AM >>> Jeremy Hicks wrote: > We are using the EasySSLProtocolSocketFactory written by Oleg which > is under com.sun.net.ssl.*. Huh, what is under com.sun? > I wasn't able to see a method for > SSLContext called getClientSessionContext(). http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/SSLContext.html#getClientSessionContext() > If there is a known way > to invalidate the session using this class, that would be great. With > this class we are getting, what appears to be, one full handshake > that is being shared across all threads that are running instead of > getting one full handshake for each thread (which is what a browser > does). Yes, that's true. This implementation is not perfect. It's a basis. We happily accept patches, however. > However, since I couldn't find that method, instead I tried a > modified version of the EasySSLProtocolSocketFactory class which uses > the javax.net.ssl.* classes. I fail to understand... > Using that, it seems that ALL SSL > handshakes are full and that none of them are abbreviated. Maybe you are not keeping any SSL sessions? > It didn't > seem to matter what I set the session cache size or session timeout > to, I always got the same results. (I was trying to set these within > the getEasySSLSocketFactory() method.) It also didn't seem to matter > if I used the MultiThreadedHttpClientManger or my own that > force-closes the HTTP connections. Where should I be making the call > to SSLSocket.getSession() to try and invalidate the session there? I think the best place to invalidate the session is from a custom connection manager in its releaseConnection method like so: ((SSLSocket) conn.getSocket()).getSession().invalidate(); > Am I missing something basic here? If I'm not being clear enough, > please let me know. > Hope that helps Ortwin Glück > Jeremy Hicks Novell, Inc., the leading provider of information > solutions http://www.novell.com ( http://www.novell.com/ ) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
