  1. JDK
  2. JDK-8211018 Session Resumption without Server-Side State
  3. JDK-8227105

Release Note: Session Resumption without Server-Side State in JSSE




      This feature allows the server side of JSSE to operate statelessly. As described in RFC 5077[1] for TLS 1.2 and below, and RFC 8446[2] for TLS 1.3, the TLS server sends internal session information, in the form of an encrypted session ticket, to a client that supports stateless resumption. The client presents that session ticket to the server during the TLS handshake to resume the session. This should improve the performance and memory usage of the TLS server under large workloads, as the session cache will seldom be used. With less session information cached, some session information may not be available. This feature is not enabled by default and can be turned on by setting two properties.

      Note that invalidated stateless TLS sessions could be resumed in the current implementation. This behavior is not guaranteed to be the same in future releases and updates (see bug ID JDK-8229148).

      Note that in the current implementation, the return value of `SSLSession.getID()` is not persistent across resumption for TLS 1.3 and stateless TLS 1.2 connections. This could be an issue if applications rely on the session identifier values. This may change to be consistent in a future release (see bug ID JDK-8229149).

      Two new system properties are added in support of this feature:

      `jdk.tls.client.enableSessionTicketExtension` is used on the client side to toggle the Session Ticket Extension in the ClientHello message for TLS 1.2. Property value: "`true`" sends the extension, "`false`" does not (default).

      `jdk.tls.server.enableSessionTicketExtension` enables a server to use stateless session tickets if the client supports them. Clients that do not support stateless session tickets will use the cache. Property value: "`true`" enables stateless session tickets, "`false`" does not (default).

      [1]: https://tools.ietf.org/html/rfc5077
      [2]: https://tools.ietf.org/html/rfc8446




            ascarpino Anthony Scarpino