8227551: Session Resumption without Server-Side State off by default

Reviewed-by: xuelei, jnimeh, jjiang
2019-07-17 12:31:21 -07:00 · 2019-07-17 12:31:21 -07:00 · bc7a8842a3
commit bc7a8842a3
parent 6f3bb94427
2 changed files with 17 additions and 7 deletions
--- a/open.iml
+++ b/open.iml
@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src/java.base/share/classes" isTestSource="false" />
+    </content>
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="inheritedJdk" />
+  </component>
+</module>
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
@ -69,8 +69,8 @@ final class SSLSessionContextImpl implements SSLSessionContext {
    private int cacheLimit;             // the max cache size
    private int timeout;                // timeout in seconds

-    // Does this context support stateless session (RFC 5077)
-    private boolean statelessSession = true;
+    // Default setting for stateless session resumption support (RFC 5077)
+    private boolean statelessSession = false;

    // package private
    SSLSessionContextImpl(boolean server) {
@ -234,15 +234,14 @@ final class SSLSessionContextImpl implements SSLSessionContext {
            // Property for Session Cache state
            if (server) {
                st = GetPropertyAction.privilegedGetProperty(
-                        "jdk.tls.server.enableSessionTicketExtension", "true");
+                        "jdk.tls.server.enableSessionTicketExtension", "false");
            } else {
                st = GetPropertyAction.privilegedGetProperty(
-                        "jdk.tls.client.enableSessionTicketExtension", "true");
-            }
-            if (st.compareToIgnoreCase("false") == 0) {
-                statelessSession = false;
+                        "jdk.tls.client.enableSessionTicketExtension", "false");
            }

+            statelessSession = Boolean.parseBoolean(st);
+
            // Property for Session Ticket Timeout.  The value can be changed
            // by SSLSessionContext.setSessionTimeout(int)
            String s = GetPropertyAction.privilegedGetProperty(