changeset 55767:afeafa018937

8227551: Session Resumption without Server-Side State off by default Reviewed-by: xuelei, jnimeh, jjiang
author ascarpino
date Wed, 17 Jul 2019 12:31:21 -0700
parents 2e63fb0a885f
children e8b8460b191c
files open.iml src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
diffstat 2 files changed, 17 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/open.iml	Wed Jul 17 12:31:21 2019 -0700
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src/java.base/share/classes" isTestSource="false" />
+    </content>
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="inheritedJdk" />
+  </component>
+</module>
\ No newline at end of file
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Wed Jul 17 08:34:45 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Wed Jul 17 12:31:21 2019 -0700
@@ -69,8 +69,8 @@
     private int cacheLimit;             // the max cache size
     private int timeout;                // timeout in seconds
 
-    // Does this context support stateless session (RFC 5077)
-    private boolean statelessSession = true;
+    // Default setting for stateless session resumption support (RFC 5077)
+    private boolean statelessSession = false;
 
     // package private
     SSLSessionContextImpl(boolean server) {
@@ -234,14 +234,13 @@
             // Property for Session Cache state
             if (server) {
                 st = GetPropertyAction.privilegedGetProperty(
-                        "jdk.tls.server.enableSessionTicketExtension", "true");
+                        "jdk.tls.server.enableSessionTicketExtension", "false");
             } else {
                 st = GetPropertyAction.privilegedGetProperty(
-                        "jdk.tls.client.enableSessionTicketExtension", "true");
+                        "jdk.tls.client.enableSessionTicketExtension", "false");
             }
-            if (st.compareToIgnoreCase("false") == 0) {
-                statelessSession = false;
-            }
+
+            statelessSession = Boolean.parseBoolean(st);
 
             // Property for Session Ticket Timeout.  The value can be changed
             // by SSLSessionContext.setSessionTimeout(int)