Dear all,

TLS allows session resumption via session IDs or session tickets. [This post](https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/) shows how this can be performed in Apache web server and Nginx. Specifically, Apache has a [`SSLSessionTicketKeyFile` directive](http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslsessionticketkeyfile) which allows the TLS session ticket to be encrypted by a specific key, rather than a key chosen randomly at startup. This is useful in a cluster, where any cluster member can open a ticket encrypted by another member via a shared key.

I couldn't find a similar feature in the [Tomcat TLS documentation](https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support). If this can be done via configuration, so much the better. Otherwise, I have a hunch on how to do it programmatically. I found a method called [`setTicketKeys`](https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/tomcat/util/net/openssl/OpenSSLSessionContext.html#setTicketKeys-byte:A-) which seems to be doing exactly what I want:

```java
public void setTicketKeys(byte[] keys)
```

Sets the SSL session ticket keys of this context.

Parameters: `keys` - The session ticket keys

I also found [a class from Facebook Nifty](https://github.com/facebookarchive/nifty/blob/master/nifty-ssl/src/main/java/com/facebook/nifty/ssl/OpenSslServerConfiguration.java) which uses this function.

My question is: I need an instance of `OpenSSLSessionContext` to call `setTicketKeys()` on. How should I get this instance?

PS: I use Tomcat 9.0.22 on Windows 10 x64.

----------------------

All the Best Wishes,
M.S Dousti.
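The shared key described in the post is a long-lived secret that every cluster member must hold identically, so it is worth checking the file before distributing it. The sketch below is an added example, not part of the original post and not Apache or Tomcat code. It assumes a POSIX host and the 48-byte key file that the mod_ssl documentation specifies for `SSLSessionTicketKeyFile`; the function names are hypothetical.

```python
import hashlib
import os
import stat

# Assumption from the mod_ssl docs: the ticket key file holds 48 random bytes.
TICKET_KEY_LEN = 48


def create_ticket_key_file(path):
    """Create a new key file readable by the owner only.

    O_EXCL makes the call fail instead of silently replacing a key that
    other cluster members may still be using.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(TICKET_KEY_LEN))


def check_ticket_key_file(path):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    st = os.stat(path)
    if st.st_size != TICKET_KEY_LEN:
        problems.append(f"size is {st.st_size} bytes, expected {TICKET_KEY_LEN}")
    # Anyone who can read the key can decrypt tickets issued by the cluster.
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("file is accessible by group or others")
    return problems


def key_fingerprint(path):
    """SHA-256 of the key file, for confirming that all nodes hold the same
    key without copying the key itself into logs or chat."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()
```

Comparing `key_fingerprint()` output across nodes shows whether a ticket issued by one member can be opened by the others.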