RFR: 8286433: Cache certificates decoded from TLS session tickets
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu May 12 04:25:56 UTC 2022
On Mon, 9 May 2022 19:38:36 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> When a TLS server resumes a session from a stateless session ticket, it populates the `SSLSessionImpl`'s `localCerts` and `peerCerts` fields with certificates deserialized from the session ticket. These certificates are often the same across a large number of tickets.
>
> This patch implements a certificate cache lookup for these certificates. This enables us to avoid deserializing the same certificates repeatedly, and saves memory by reusing the same certificate objects.
It looks good to me. Thanks!
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/8608
More information about the security-dev
mailing list