Hello Nezih!
This issue is still being discussed off-list.
There have been two approaches proposed so far: 1) improve the session
cache and 2) provide an option to turn the cache off completely.
The former one is good by itself, so I filed an enhancement request [1]
with a link to proposal made by Peter Levart [2].
However, as this is an enhancement, it seems unlikely it's going to be
backported to earlier releases of JDK.
With kind regards,
Ivan
[1] https://bugs.openjdk.java.net/browse/JDK-8202086
[2]
http://mail.openjdk.java.net/pipermail/security-dev/2017-November/016512.html
On 4/18/18 9:32 PM, nezih yigitbasi wrote:
Hi,
We are hitting the scalability problem of the SSL session cache in
production that JDK-8186628 is addressing.
I see that JDK-8186628 has not been updated since Nov'17, so I just
wanted to get information about what the current plans are regarding
that issue.
Thanks,
Nezih
--
With kind regards,
Ivan Gerasimov
