Hi,

The JEP was updated so that it has a better presentation.

    https://bugs.openjdk.java.net/browse/JDK-8245551

The goals are now described at a higher level, and some of the details have been moved to the Description section. Any comments are welcome. Please let me know by the end of this month, October 31, 2020.

BTW, I will post a new thread about the algorithm used for the session ticket protection and synchronization in the cluster.

Thanks,
Xuelei


On 9/29/2020 9:25 PM, Xuelei Fan wrote:
Hi,

I was wondering about improving the scalability of the TLS implementation in the JDK.  TLS session resumption is much faster than full handshaking.  It may be good to support efficiently distributing and resuming TLS sessions across clusters of computers, by using stateless TLS session tickets.

The following is a list of the goals:
1. Use session tickets to distribute and resume sessions.

2. Implement a protection scheme for session tickets.

3. Deprecate or modify Java SE APIs that negatively impact distributed session resumption.

4. Ensure that the session tickets generated and protected in one server node can be used for session resumption in other nodes in the distributed system.

5. Ensure that the secret keys used to protect the session ticket can be rotated and synchronized effectively.

6. Ensure that a new server node inserted into the distributed system can be automatically synchronized, thus making it possible to plug in new server nodes as needed.

For more details, please refer to the draft JEP.

     https://bugs.openjdk.java.net/browse/JDK-8245551

Does it sound like a good idea?  Did you run into scalability problems for TLS/HTTPS connections?  Any suggestions?  Any comments are welcome.

Thanks & Regards,
Xuelei
