CSR Review Request, JDK-8213577, Update the default SSL session cache size to 20480

Jamil Nimeh jamil.j.nimeh at oracle.com
Fri Nov 9 17:34:00 UTC 2018

Hi Xuelei,

Content looks good.  I'd remove specific references to Amazon from the 
CSR (it's fine to leave it in the source bug though).  Where'd you get 
the 20480 session cache limit from?  I saw a similar limit using the 
builtin SSL session cache from NGINX, is that where that number comes 
from?  Or is that common to other TLS library or webserver cache sizes?


On 11/8/2018 8:00 PM, Xuelei Fan wrote:
> Hi,
> Please review the proposal to update the default SSL session cache 
> size from infinite to 20480.
>   https://bugs.openjdk.java.net/browse/JDK-8213577
> I know that the default 20480 does not fit all.  I'd appreciate your 
> feedback if the value is acceptable.
> Thanks,
> Xuelei

More information about the security-dev mailing list