RFR: 8286433: Cache certificates decoded from TLS session tickets
Sean Coffey
coffeys at openjdk.java.net
Wed May 11 16:05:54 UTC 2022
On Mon, 9 May 2022 19:38:36 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> When a TLS server resumes a session from a stateless session ticket, it populates the `SSLSessionImpl`'s `localCerts` and `peerCerts` fields with certificates deserialized from the session ticket. These certificates are often the same across a large number of tickets.
>
> This patch implements a certificate cache lookup for these certificates. This enables us to avoid deserializing the same certificates repeatedly, and saves memory by reusing the same certificate objects.
Nice work. LGTM.
-------------
Marked as reviewed by coffeys (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/8608
More information about the security-dev
mailing list