This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cf83ecd8951756cc3eb2d7cff92801293d111cd7
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Feb 28 21:36:13 2019 +0000
TLS session cache and timeout config now works with JSSE and OpenSSL
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 46 +++++++++++-----------
webapps/docs/changelog.xml | 6 +++
webapps/docs/config/http.xml | 2 -
3 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index eba04ab..56d8152 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -99,11 +99,11 @@ public class SSLHostConfig implements Serializable {
private List<String> jsseCipherNames = null;
private String honorCipherOrder = null;
private Set<String> protocols = new HashSet<>();
+ private int sessionCacheSize = 0;
+ private int sessionTimeout = 86400;
// JSSE
private String keyManagerAlgorithm =
KeyManagerFactory.getDefaultAlgorithm();
private boolean revocationEnabled = false;
- private int sessionCacheSize = 0;
- private int sessionTimeout = 86400;
private String sslProtocol = Constants.SSL_PROTO_TLS;
private String trustManagerClassName;
private String truststoreAlgorithm =
TrustManagerFactory.getDefaultAlgorithm();
@@ -496,6 +496,26 @@ public class SSLHostConfig implements Serializable {
}
+ public void setSessionCacheSize(int sessionCacheSize) {
+ this.sessionCacheSize = sessionCacheSize;
+ }
+
+
+ public int getSessionCacheSize() {
+ return sessionCacheSize;
+ }
+
+
+ public void setSessionTimeout(int sessionTimeout) {
+ this.sessionTimeout = sessionTimeout;
+ }
+
+
+ public int getSessionTimeout() {
+ return sessionTimeout;
+ }
+
+
// ---------------------------------- JSSE specific configuration
properties
// TODO: These certificate setters can be removed once it is no longer
@@ -573,28 +593,6 @@ public class SSLHostConfig implements Serializable {
}
- public void setSessionCacheSize(int sessionCacheSize) {
- setProperty("sessionCacheSize", Type.JSSE);
- this.sessionCacheSize = sessionCacheSize;
- }
-
-
- public int getSessionCacheSize() {
- return sessionCacheSize;
- }
-
-
- public void setSessionTimeout(int sessionTimeout) {
- setProperty("sessionTimeout", Type.JSSE);
- this.sessionTimeout = sessionTimeout;
- }
-
-
- public int getSessionTimeout() {
- return sessionTimeout;
- }
-
-
public void setSslProtocol(String sslProtocol) {
setProperty("sslProtocol", Type.JSSE);
this.sslProtocol = sslProtocol;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index fd9bc49..bc882d1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,6 +121,12 @@
style configuration - including JKS keystores - to be used with the
APR/Native connector. (markt)
</fix>
+ <add>
+ With the TLS configuration refactoring, the configuration attributes
+ <code>sessionCacheSize</code> and <code>sessionTimeout</code> are no
+ longer limited to JSSE implementations. They may now be used with
+ OpenSSL implementations as well. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="WebSocket">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 19ddb72..8cbf292 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1319,14 +1319,12 @@
</attribute>
<attribute name="sessionCacheSize" required="false">
- <p>JSSE only.</p>
<p>The number of SSL sessions to maintain in the session cache. Use 0 to
specify an unlimited cache size. If not specified, a default of 0 is
used.</p>
</attribute>
<attribute name="sessionTimeout" required="false">
- <p>JSSE only.</p>
<p>The time, in seconds, after the creation of an SSL session that it
will
timeout. Use 0 to specify an unlimited timeout. If not specified, a
default of 86400 (24 hours) is used.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
