This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 0c5c6b6 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571 0c5c6b6 is described below
commit 0c5c6b60c76cfd2c085437e79d85c622c852b18a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jul 25 10:49:28 2019 +0100
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63571 Allow users to specify infinite TLS session cache and/or timeout
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java | 3 ++-
 java/org/apache/tomcat/util/net/SSLUtilBase.java | 7 +++++--
 webapps/docs/changelog.xml | 4 ++++
 webapps/docs/config/http.xml | 12 ++++++++----
 4 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 56d8152..57a17eb 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -99,7 +99,8 @@ public class SSLHostConfig implements Serializable {
 private List<String> jsseCipherNames = null;
 private String honorCipherOrder = null;
 private Set<String> protocols = new HashSet<>();
- private int sessionCacheSize = 0;
+ // Values <0 mean use the implementation default
+ private int sessionCacheSize = -1;
 private int sessionTimeout = 86400;
 // JSSE
 private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index beb6fd4..00df440 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
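Review bot: The new comment `// Values <0 mean use the implementation default` is placed only above sessionCacheSize, although configureSessionContext in SSLUtilBase applies the same negative-means-default convention to sessionTimeout, whose field on the next line (still defaulting to 86400) carries no such note. I would widen the comment so both fields are covered and the pass-through semantics are stated where the values are declared, e.g. `// sessionCacheSize / sessionTimeout: <0 = implementation default, 0 = unlimited (see SSLUtilBase)`, with the unlimited meaning taken from the accompanying http.xml text. The setters for these fields are outside the hunk, so whether any range validation happens before the values reach configureSessionContext is not visible here.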
@@ -256,10 +256,13 @@ public abstract class SSLUtilBase implements SSLUtil {
 @Override
 public void configureSessionContext(SSLSessionContext sslSessionContext) {
- if (sslHostConfig.getSessionCacheSize() > 0) {
+ // <0 - don't set anything - use the implementation default
+ if (sslHostConfig.getSessionCacheSize() >= 0) {
 sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
 }
- if (sslHostConfig.getSessionTimeout() > 0) {
+
+ // <0 - don't set anything - use the implementation default
+ if (sslHostConfig.getSessionTimeout() >= 0) {
 sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 50c853b..f798aee 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -90,6 +90,10 @@
 internal error that results in a 500 response. (markt)
 </fix>
 <fix>
+ <bug>63571</bug>: Allow users to configure infinite TLS session caches
+ and/or timeouts. (markt)
+ </fix>
+ <fix>
 <bug>63578</bug>: Improve handling of invalid requests so that 400
 responses are returned to the client rather than 500 responses. (markt)
 </fix>
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 1b6be0a..14c0cae 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
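Review bot: Relaxing both guards to `>= 0` means a configured 0 is now forwarded to setSessionCacheSize and setSessionTimeout, which the http.xml change in this same commit describes as an unlimited cache and a never-expiring session — a memory-growth setting the operator opts into — yet the two new comments explain only the negative case. I would state the boundary at the call site, e.g. `// <0 - don't set anything - use the implementation default; 0 - passed through and means unlimited (not recommended)`, on both guards. This is also a behaviour change for existing configurations that set sessionCacheSize="0" or sessionTimeout="0" explicitly: the old `> 0` check left the implementation default in place, whereas the new code now requests an unbounded cache or timeout, and the changelog entry does not call that out. Whether every SSLSessionContext implementation Tomcat wires in interprets 0 the same way is not visible in this hunk and is worth confirming before relying on the documented meaning.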
@@ -1319,14 +1319,18 @@
 </attribute>
 <attribute name="sessionCacheSize" required="false">
- <p>The number of SSL sessions to maintain in the session cache. Use 0 to
- specify an unlimited cache size. If not specified, a default of 0 is
- used.</p>
+ <p>The number of SSL sessions to maintain in the session cache. Specify
+ <code>-1</code> to use the implementation default. Values of zero and
+ above are passed to the implementation. Zero is used to specify an
+ unlimited cache size and is not recommended. If not specified, a default
+ of <code>-1</code> is used.</p>
 </attribute>
 <attribute name="sessionTimeout" required="false">
 <p>The time, in seconds, after the creation of an SSL session that it will
- timeout. Use 0 to specify an unlimited timeout. If not specified, a
+ timeout. Specify <code>-1</code> to use the implementation default. Values
+ of zero and above are passed to the implementation. Zero is used to
+ specify an unlimited timeout and is not recommended. If not specified, a
 default of 86400 (24 hours) is used.</p>
 </attribute>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org