RFR: 8298381: Improve handling of session tickets for multiple SSLContexts
Volker Simonis
simonis at openjdk.org
Mon Dec 12 09:59:32 UTC 2022
On Sun, 11 Dec 2022 20:38:16 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> > The same example with the 1000 connections being opened alternatively on two different contexts will instead create 1000 `StatelessKey` instances:
>
> That's obviously not the expected behaviors. It is a good catch for the `static currentKeyID` issue.
>
> What do you think to move `SSLContextImpl.keyHashMap` into `SSLSessionContextImpl`? I would like to have SSLContextImpl focusing on configuration.
Do you propose to only move `SSLContextImpl.keyHashMap`, or both `SSLContextImpl.keyHashMap` and `SSLContextImpl.currentKeyID` or `SSLContextImpl.keyHashMap`, `SSLContextImpl.currentKeyID` and all the corresponding accessor methods (i.e. `addSessionKey()`, `cleanupSessionKeys()`, `getKey()` and `getID()`) into `SSLSessionContextImpl`?
Also, I assume you'd probably like to keep it in `SSLContextImpl.serverCache` rather then `SSLContextImpl.clinetCache`, right?
-------------
PR: https://git.openjdk.org/jdk/pull/11590
More information about the security-dev
mailing list