A DESCRIPTION OF THE PROBLEM :
The implementation of hashCode() in sun.security.ssl.SessionId generates many collisions.
The SslEngine of Oracle has an HashMap of SessionId, and because the hashCode generates many collisions the HashMap gets really slow due to the conversion from List to a Tree of a bucket.

This issue was discovered by studying the following stacktrace:
   java.lang.Thread.State: RUNNABLE
at java.util.HashMap$TreeNode.find(HashMap.java:1878)
at java.util.HashMap$TreeNode.find(HashMap.java:1874)
at java.util.HashMap$TreeNode.find(HashMap.java:1874)
at java.util.HashMap$TreeNode.find(HashMap.java:1874)
at java.util.HashMap$TreeNode.find(HashMap.java:1874)
at java.util.HashMap$TreeNode.find(HashMap.java:1874)
at java.util.HashMap$TreeNode.getTreeNode(HashMap.java:1886)
at java.util.HashMap.removeNode(HashMap.java:824)
at java.util.HashMap.remove(HashMap.java:799)
at sun.security.util.MemoryCache.emptyQueue(Cache.java:299)
at sun.security.util.MemoryCache.get(Cache.java:386)

The MemoryCache class is synchronised and because the HashMap gets really inefficient, many threads were blocked waiting for this class.

The current hashCode implementation is very inefficient, If you generates 10M random SessionId of 32bytes, you can have more than 10K elements with the same hashCode.
The current implementation sum an array of 32 bytes (maximum), which is very similar to the concept of the "probability of 2 dice": http://statweb.stanford.edu/~susan/courses/s60/split/node65.html
Current SessionId.hashCode() implementation:
        for (byte element : a)
            result +=element;

A better implementation of the hashCode for a byte array is the one in Arrays.hashCode(byte[]), that for 10M random SessionId of 32byte collides only 2/3 times maximum for the same hashCode.