Details
-
CSR
-
Resolution: Approved
-
P3
-
None
-
behavioral
-
minimal
-
The update is about performance tuning, the compatibility impact should be minimal,
-
JDK
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8224766 | 11.0.5 | Paul Hohensee | P3 | Closed | Approved | |
JDK-8224770 | openjdk8u222 | Paul Hohensee | P3 | Closed | Approved |
Description
Summary
Update the default value for the maximum number of entries in the SSL session cache (SSLSessionContext.getSessionCacheSize()).
Problem
The default value for the maximum number of entries in the SSL session cache (SSLSessionContext.getSessionCacheSize()) is infinite, and the entry timeout is 24 hours. With larger heaps, applications are running into situations where the cache ends up with several million entries at the 24 hour mark, at which time many of them are invalidated at almost the same time, which can result in multi-minute pauses, which are effectively service failures.
However, no matter what the default value is, it will not fit perfectly in all situations.
Solution
Update to use a default maximum session cache size other than infinite in JDK.
Specification
- Update the SunJSSE provider to use 20480 as the default session cache size for SSLSessionContext.
Update the javax.net.ssl.SSLSessionContext specification with more clarification.
/** * Sets the timeout limit for <code>SSLSession</code> objects grouped * under this <code>SSLSessionContext</code>. * <p> * If the timeout limit is set to 't' seconds, a session exceeds the * timeout limit 't' seconds after its creation time. * When the timeout limit is exceeded for a session, the * <code>SSLSession</code> object is invalidated and future connections * cannot resume or rejoin the session. * A check for sessions exceeding the timeout is made immediately whenever * the timeout limit is changed for this <code>SSLSessionContext</code>. + * + * @apiNote Note that the JDK Implementation uses default values for both + * the session cache size and timeout. See + * {@code getSessionCacheSize} and {@code getSessionTimeout} for + * more information. Applications should consider their + * performance requirements and override the defaults if necessary. + * * @param seconds the new session timeout limit in seconds; zero means * there is no limit. * * @exception IllegalArgumentException if the timeout specified is {@code < 0}. * @see #getSessionTimeout */ public void setSessionTimeout(int seconds) throws IllegalArgumentException; /** * Returns the timeout limit of <code>SSLSession</code> objects grouped * under this <code>SSLSessionContext</code>. * <p> * If the timeout limit is set to 't' seconds, a session exceeds the * timeout limit 't' seconds after its creation time. * When the timeout limit is exceeded for a session, the * <code>SSLSession</code> object is invalidated and future connections * cannot resume or rejoin the session. * A check for sessions exceeding the timeout limit is made immediately * whenever the timeout limit is changed for this * <code>SSLSessionContext</code>. + * + * @implNote The JDK implementation returns the session timeout as set by + * the {@code setSessionTimeout} method, or if not set, a default + * value of 86400 seconds (24 hours). + * * @return the session timeout limit in seconds; zero means there is no * limit. * * @see #setSessionTimeout */ public int getSessionTimeout(); /** * Sets the size of the cache used for storing * <code>SSLSession</code> objects grouped under this * <code>SSLSessionContext</code>. + * + * @apiNote Note that the JDK Implementation uses default values for both + * the session cache size and timeout. See + * {@code getSessionCacheSize} and {@code getSessionTimeout} for + * more information. Applications should consider their + * performance requirements and override the defaults if necessary. * * @param size the new session cache size limit; zero means there is no * limit. * @exception IllegalArgumentException if the specified size is {@code < 0}. * @see #getSessionCacheSize */ public void setSessionCacheSize(int size) throws IllegalArgumentException; /** * Returns the size of the cache used for storing * <code>SSLSession</code> objects grouped under this * <code>SSLSessionContext</code>. + * + * @implNote The JDK implementation returns the cache size as set by + * the {@code setSessionCacheSize method}, or if not set, the + * value of the {@systemProperty javax.net.ssl.sessionCacheSize} + * system property. If neither is set, it returns a default + * value of 20480. * * @return size of the session cache; zero means there is no size limit. * @see #setSessionCacheSize */ public int getSessionCacheSize();
Attachments
Issue Links
- backported by
-
JDK-8224766 Update the default SSL session cache size to 20480
- Closed
-
JDK-8224770 Update the default SSL session cache size to 20480
- Closed
- csr of
-
JDK-8210985 Update the default SSL session cache size to 20480
- Resolved
- relates to
-
JDK-8213579 Document the System Property, javax.net.ssl.sessionCacheSize
- Resolved
-
JDK-8248721 Backport TLSv1.3 protocol implementation
- Closed