changeset 52921:8a85d21d9616

8210985: Update the default SSL session cache size to 20480 Reviewed-by: jnimeh, mullan
author xuelei
date Thu, 29 Nov 2018 08:43:12 -0800
parents c392f7b60fd9
children 265209adbe77
files src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java test/jdk/sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java
diffstat 3 files changed, 128 insertions(+), 20 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java	Thu Nov 29 09:19:16 2018 -0500
+++ b/src/java.base/share/classes/javax/net/ssl/SSLSessionContext.java	Thu Nov 29 08:43:12 2018 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,10 +87,17 @@
      * A check for sessions exceeding the timeout is made immediately whenever
      * the timeout limit is changed for this <code>SSLSessionContext</code>.
      *
+     * @apiNote Note that the JDK Implementation uses default values for both
+     *          the session cache size and timeout.  See
+     *          {@code getSessionCacheSize} and {@code getSessionTimeout} for
+     *          more information.  Applications should consider their
+     *          performance requirements and override the defaults if necessary.
+     *
      * @param seconds the new session timeout limit in seconds; zero means
-     *          there is no limit.
+     *        there is no limit.
      *
-     * @exception IllegalArgumentException if the timeout specified is {@code < 0}.
+     * @throws IllegalArgumentException if the timeout specified is {@code < 0}.
+     *
      * @see #getSessionTimeout
      */
     public void setSessionTimeout(int seconds)
@@ -109,33 +116,50 @@
      * whenever the timeout limit is changed for this
      * <code>SSLSessionContext</code>.
      *
+     * @implNote The JDK implementation returns the session timeout as set by
+     *           the {@code setSessionTimeout} method, or if not set, a default
+     *           value of 86400 seconds (24 hours).
+     *
      * @return the session timeout limit in seconds; zero means there is no
-     * limit.
+     *         limit.
+     *
      * @see #setSessionTimeout
      */
     public int getSessionTimeout();
 
     /**
-     * Sets the size of the cache used for storing
-     * <code>SSLSession</code> objects grouped under this
-     * <code>SSLSessionContext</code>.
+     * Sets the size of the cache used for storing <code>SSLSession</code>
+     * objects grouped under this <code>SSLSessionContext</code>.
+     *
+     * @apiNote Note that the JDK Implementation uses default values for both
+     *          the session cache size and timeout.  See
+     *          {@code getSessionCacheSize} and {@code getSessionTimeout} for
+     *          more information.  Applications should consider their
+     *          performance requirements and override the defaults if necessary.
      *
      * @param size the new session cache size limit; zero means there is no
-     * limit.
-     * @exception IllegalArgumentException if the specified size is {@code < 0}.
+     *        limit.
+     *
+     * @throws IllegalArgumentException if the specified size is {@code < 0}.
+     *
      * @see #getSessionCacheSize
      */
     public void setSessionCacheSize(int size)
                  throws IllegalArgumentException;
 
     /**
-     * Returns the size of the cache used for storing
-     * <code>SSLSession</code> objects grouped under this
-     * <code>SSLSessionContext</code>.
+     * Returns the size of the cache used for storing <code>SSLSession</code>
+     * objects grouped under this <code>SSLSessionContext</code>.
+     *
+     * @implNote The JDK implementation returns the cache size as set by
+     *           the {@code setSessionCacheSize} method, or if not set, the
+     *           value of the {@systemProperty javax.net.ssl.sessionCacheSize}
+     *           system property.  If neither is set, it returns a default
+     *           value of 20480.
      *
      * @return size of the session cache; zero means there is no size limit.
+     *
      * @see #setSessionCacheSize
      */
     public int getSessionCacheSize();
-
 }
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Thu Nov 29 09:19:16 2018 -0500
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Thu Nov 29 08:43:12 2018 -0800
@@ -32,11 +32,13 @@
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 
-import sun.security.action.GetPropertyAction;
+import sun.security.action.GetIntegerAction;
 import sun.security.util.Cache;
 
 
 final class SSLSessionContextImpl implements SSLSessionContext {
+    private final static int DEFAULT_MAX_CACHE_SIZE = 20480;
+
     private final Cache<SessionId, SSLSessionImpl> sessionCache;
                                         // session cache, session id as key
     private final Cache<String, SSLSessionImpl> sessionHostPortCache;
@@ -196,16 +198,29 @@
     }
 
     private static int getDefaultCacheLimit() {
-        int defaultCacheLimit = 0;
         try {
-            String s = GetPropertyAction
-                    .privilegedGetProperty("javax.net.ssl.sessionCacheSize");
-            defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
+            int defaultCacheLimit = GetIntegerAction.privilegedGetProperty(
+                    "javax.net.ssl.sessionCacheSize", DEFAULT_MAX_CACHE_SIZE);
+
+            if (defaultCacheLimit >= 0) {
+                return defaultCacheLimit;
+            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                SSLLogger.warning(
+                    "invalid System Property javax.net.ssl.sessionCacheSize, " +
+                    "use the default session cache size (" +
+                    DEFAULT_MAX_CACHE_SIZE + ") instead");
+            }
         } catch (Exception e) {
-            // swallow the exception
+            // unlikely, log it for safe
+            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                SSLLogger.warning(
+                    "the System Property javax.net.ssl.sessionCacheSize is " +
+                    "not available, use the default value (" +
+                    DEFAULT_MAX_CACHE_SIZE + ") instead");
+            }
         }
 
-        return (defaultCacheLimit > 0) ? defaultCacheLimit : 0;
+        return DEFAULT_MAX_CACHE_SIZE;
     }
 
     private boolean isTimedout(SSLSession sess) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java	Thu Nov 29 08:43:12 2018 -0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8210985
+ * @summary Update the default SSL session cache size to 20480
+ * @run main/othervm DefautlCacheSize
+ */
+
+// The SunJSSE provider cannot use System Properties in samevm/agentvm mode.
+// Please run JSSE test in othervm mode.
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+
+public class DefautlCacheSize {
+
+    public static void main(String[] args) throws Exception {
+        SSLServerSocketFactory sssf =
+                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+
+        try (SSLServerSocket serverSocket =
+                    (SSLServerSocket)sssf.createServerSocket()) {
+
+            String[] protocols = serverSocket.getSupportedProtocols();
+            for (int i = 0; i < protocols.length; i++) {
+                if (protocols[i].equals("SSLv2Hello")) {
+                    continue;
+                }
+                SSLContext sslContext = SSLContext.getInstance(protocols[i]);
+                SSLSessionContext sessionContext =
+                        sslContext.getServerSessionContext();
+                if (sessionContext.getSessionCacheSize() == 0) {
+                    throw new Exception(
+                        "the default server session cache size is infinite");
+                }
+
+                sessionContext = sslContext.getClientSessionContext();
+                if (sessionContext.getSessionCacheSize() == 0) {
+                    throw new Exception(
+                        "the default client session cache size is infinite");
+                }
+            }
+        }
+    }
+}