Hello Lifeng, The SSL session timeout and cache size are not currently configurable in Dropwizard. If one were inclined to add such functionality, it would be a simple matter of adding appropriate options to HttpsConnectorFactory <https://github.com/dropwizard/dropwizard/blob/master/dropwizard-jetty/src/main/java/io/dropwizard/jetty/HttpsConnectorFactory.java#L602> in order to interpolate new config options under the https application connector <http://www.dropwizard.io/1.0.3/docs/manual/configuration.html#https>.
Since Dropwizard doesn't override them, Jetty uses the JVM defaults, which anecdotally in OpenJDK7 <http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/54118c8e0ebe/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java#l57> are a session timeout of 24 hours and an unlimited cache size. On Mon, Oct 31, 2016 at 12:22 PM, lifeng.sang via dropwizard-user < [email protected]> wrote: > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Evan Meagher -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
