[
https://issues.apache.org/jira/browse/HTTPCLIENT-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281178#comment-17281178
]
Maxim Egorov commented on HTTPCLIENT-2134:
------------------------------------------
[~olegk] It' seems it's the root cause of the problem. It seems that HttpClient
must interact more closely with JSSE to process this case. I mentioned
HttpUrlConnection as an example there such interaction is implemented . This
warning doesn't affect existing SSLSession, you may check
sun.security.ssl.SSLContextImpl.clientCache associated with HttpClient to make
sure. For example AsyncHttpClient
([https://github.com/AsyncHttpClient/async-http-client)] output the same
warning but this doesn't prevent him from reusing of tls session. By the way if
uncomment code in my example and rewrite:
BHttpConnectionBase.close as:
{code:java}
@Override
public void close() throws IOException {
final Socket socket = this.socketHolder.getAndSet(null);
if (socket != null) {
this.inBuffer.clear();
this.outbuffer.flush();
try {
try {
socket.shutdownOutput();
} catch (IOException ignored) {
}
try {
socket.getInputStream().close();
} catch (IOException ignored) {
}
} finally {
try {
socket.close();
} catch (IOException ignored) {
}
}
}
}{code}
> HttpClient doesn't reuse TLS 1.2 Session
> ----------------------------------------
>
> Key: HTTPCLIENT-2134
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2134
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13, 5.0.3
> Reporter: Maxim Egorov
> Priority: Major
> Attachments: TestApacheHttpClientApp.java, handshake.log
>
>
> To reproduce run on java 11+:
> java -cp ... -Djavax.net.debug=ssl:handshake TestApacheHttpClientApp
> As you can see from handshake.log file HttpClient always create new tls
> session.
> The root of problem is support of Extended Master Key Extension in
> [https://github.com/openjdk/jdk/blob/jdk-11+28/src/java.base/share/classes/sun/security/ssl/ClientHello.java#L497.]
> The standard jdk HttpURLConnection doesn't be affected this issues because
> of it sets chc.sslConfig.identificationProtocol equals to HTTPS by default
> [https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java#L560.]
> I tried to repeat the same trick (The commented code), but due to the bugs
> of JDK [https://bugs.openjdk.java.net/browse/JDK-8253368] and may be
> incorrect implementation of method
> org.apache.http.impl.BHttpConnectionBase.close it doesn't work.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
