changeset 13554:568573273ed2

8210985: Update the default SSL session cache size to 20480 Summary: Change SSLSessionContext.getSessionCacheSize to return 20480 by default instead of 0. Reviewed-by: jnimeh, mullan
author xuelei
date Wed, 29 May 2019 20:27:37 +0000
parents a7c4b3a4bdfb
children 57d6c23af6c9
files src/share/classes/javax/net/ssl/SSLSessionContext.java src/share/classes/sun/security/ssl/SSLSessionContextImpl.java test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java
diffstat 3 files changed, 119 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/javax/net/ssl/SSLSessionContext.java	Tue May 28 20:01:51 2019 +0200
+++ b/src/share/classes/javax/net/ssl/SSLSessionContext.java	Wed May 29 20:27:37 2019 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,10 +87,17 @@
      * A check for sessions exceeding the timeout is made immediately whenever
      * the timeout limit is changed for this <code>SSLSessionContext</code>.
      *
+     * @apiNote Note that the JDK Implementation uses default values for both
+     *          the session cache size and timeout.  See
+     *          {@code getSessionCacheSize} and {@code getSessionTimeout} for
+     *          more information.  Applications should consider their
+     *          performance requirements and override the defaults if necessary.
+     *
      * @param seconds the new session timeout limit in seconds; zero means
-     *          there is no limit.
+     *        there is no limit.
      *
-     * @exception IllegalArgumentException if the timeout specified is {@code < 0}.
+     * @throws IllegalArgumentException if the timeout specified is {@code < 0}.
+     *
      * @see #getSessionTimeout
      */
     public void setSessionTimeout(int seconds)
@@ -109,33 +116,50 @@
      * whenever the timeout limit is changed for this
      * <code>SSLSessionContext</code>.
      *
+     * @implNote The JDK implementation returns the session timeout as set by
+     *           the {@code setSessionTimeout} method, or if not set, a default
+     *           value of 86400 seconds (24 hours).
+     *
      * @return the session timeout limit in seconds; zero means there is no
-     * limit.
+     *         limit.
+     *
      * @see #setSessionTimeout
      */
     public int getSessionTimeout();
 
     /**
-     * Sets the size of the cache used for storing
-     * <code>SSLSession</code> objects grouped under this
-     * <code>SSLSessionContext</code>.
+     * Sets the size of the cache used for storing <code>SSLSession</code>
+     * objects grouped under this <code>SSLSessionContext</code>.
+     *
+     * @apiNote Note that the JDK Implementation uses default values for both
+     *          the session cache size and timeout.  See
+     *          {@code getSessionCacheSize} and {@code getSessionTimeout} for
+     *          more information.  Applications should consider their
+     *          performance requirements and override the defaults if necessary.
      *
      * @param size the new session cache size limit; zero means there is no
-     * limit.
-     * @exception IllegalArgumentException if the specified size is {@code < 0}.
+     *        limit.
+     *
+     * @throws IllegalArgumentException if the specified size is {@code < 0}.
+     *
      * @see #getSessionCacheSize
      */
     public void setSessionCacheSize(int size)
                  throws IllegalArgumentException;
 
     /**
-     * Returns the size of the cache used for storing
-     * <code>SSLSession</code> objects grouped under this
-     * <code>SSLSessionContext</code>.
+     * Returns the size of the cache used for storing <code>SSLSession</code>
+     * objects grouped under this <code>SSLSessionContext</code>.
+     *
+     * @implNote The JDK implementation returns the cache size as set by
+     *           the {@code setSessionCacheSize} method, or if not set, the
+     *           value of the {@systemProperty javax.net.ssl.sessionCacheSize}
+     *           system property.  If neither is set, it returns a default
+     *           value of 20480.
      *
      * @return size of the session cache; zero means there is no size limit.
+     *
      * @see #setSessionCacheSize
      */
     public int getSessionCacheSize();
-
 }
--- a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Tue May 28 20:01:51 2019 +0200
+++ b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Wed May 29 20:27:37 2019 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,10 +33,13 @@
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 
+import sun.security.action.GetIntegerAction;
 import sun.security.util.Cache;
 
 
 final class SSLSessionContextImpl implements SSLSessionContext {
+    private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
+
     private Cache<SessionId, SSLSessionImpl> sessionCache;
                                         // session cache, session id as key
     private Cache<String, SSLSessionImpl> sessionHostPortCache;
@@ -197,21 +200,19 @@
     }
 
     private int getDefaultCacheLimit() {
-        int cacheLimit = 0;
         try {
-        String s = java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<String>() {
-                @Override
-                public String run() {
-                    return System.getProperty(
-                        "javax.net.ssl.sessionCacheSize");
-                }
-            });
-            cacheLimit = (s != null) ? Integer.valueOf(s).intValue() : 0;
+            int defaultCacheLimit =
+                java.security.AccessController.doPrivileged(
+                    new GetIntegerAction("javax.net.ssl.sessionCacheSize",
+                                         DEFAULT_MAX_CACHE_SIZE)).intValue();
+
+            if (defaultCacheLimit >= 0) {
+                return defaultCacheLimit;
+            }
         } catch (Exception e) {
         }
 
-        return (cacheLimit > 0) ? cacheLimit : 0;
+        return DEFAULT_MAX_CACHE_SIZE;
     }
 
     boolean isTimedout(SSLSession sess) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/SSLContextImpl/DefautlCacheSize.java	Wed May 29 20:27:37 2019 +0000
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8210985
+ * @summary Update the default SSL session cache size to 20480
+ * @run main/othervm DefautlCacheSize
+ */
+
+// The SunJSSE provider cannot use System Properties in samevm/agentvm mode.
+// Please run JSSE test in othervm mode.
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+
+public class DefautlCacheSize {
+
+    public static void main(String[] args) throws Exception {
+        SSLServerSocketFactory sssf =
+                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+
+        try (SSLServerSocket serverSocket =
+                    (SSLServerSocket)sssf.createServerSocket()) {
+
+            String[] protocols = serverSocket.getSupportedProtocols();
+            for (int i = 0; i < protocols.length; i++) {
+                if (protocols[i].equals("SSLv2Hello")) {
+                    continue;
+                }
+                SSLContext sslContext = SSLContext.getInstance(protocols[i]);
+                SSLSessionContext sessionContext =
+                        sslContext.getServerSessionContext();
+                if (sessionContext.getSessionCacheSize() == 0) {
+                    throw new Exception(
+                        "the default server session cache size is infinite");
+                }
+
+                sessionContext = sslContext.getClientSessionContext();
+                if (sessionContext.getSessionCacheSize() == 0) {
+                    throw new Exception(
+                        "the default client session cache size is infinite");
+                }
+            }
+        }
+    }
+}