
Spring boot 2 tomcat ssl handshake caching


Java's JSSE already has a default session cache of 20480 entries with a session timeout of 24 hours.

If you want to change these values:

  • at the global level you can set the system property javax.net.ssl.sessionCacheSize to the desired cache size (cf. the "Customizing JSSE" section of the JSSE Reference Guide),
  • in an external Tomcat, you can use the properties sessionCacheSize and sessionTimeout of the <SSLHostConfig> element,
  • when you use the embedded Tomcat server, you can define a TomcatConnectorCustomizer, e.g.

```java
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.stereotype.Component;

// Picked up automatically by Spring Boot's Tomcat web server factory and run
// against every connector after Boot has applied its own server.ssl.* settings.
@Component
public class SSLSessionCustomizer implements TomcatConnectorCustomizer {

    @Override
    public void customize(Connector connector) {
        // findSslHostConfigs() is empty when no TLS is configured on the
        // connector, in which case this loop silently does nothing.
        for (final SSLHostConfig hostConfig : connector.findSslHostConfigs()) {
            hostConfig.setSessionCacheSize(40960);          // number of cached sessions
            hostConfig.setSessionTimeout(2 * 24 * 60 * 60); // seconds (48 hours)
        }
    }
}
```

Remark: you can use openssl s_client -reconnect to test session resumption (it performs one full handshake and then reconnects five times with the same session, printing a "New, ..." or "Reused, ..." line for each). However, in recent versions of Java, JSSE aborts session resumption if the TLS extension extended_master_secret is missing (cf. the JDK release notes on RFC 7627 support). Older clients, such as those based on OpenSSL 1.0, do not send this extension. Note that the extension is the mitigation for the triple-handshake attack, so turning it off weakens resumed sessions against that attack. If compatibility with such clients is more important to you, you can set the following system property on the server JVM:

jdk.tls.useExtendedMasterSecret=false
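The following script is an added example, not part of the original answer, showing how a practitioner would turn the openssl s_client -reconnect run described above into a pass/fail check. It counts the "New," and "Reused," handshake lines that s_client prints and, with OpenSSL 1.1 or later, also picks up the "Extended master secret: yes/no" line of the session block, which tells you whether the client negotiated the extension the remark talks about. The function and variable names (summarize_s_client, check_resumption, SAMPLE_OUTPUT) are this example's own, and SAMPLE_OUTPUT is constructed s_client output standing in for a real run.

```shell
#!/bin/sh
# Added example: summarise the output of `openssl s_client -reconnect`.
# s_client performs one full handshake followed by five reconnects and prints
# one "New, ..." or "Reused, ..." line per handshake; OpenSSL 1.1+ also prints
# "Extended master secret: yes|no" inside the SSL-Session block.

# summarize_s_client: read s_client output on stdin and print one summary line
# of the form "new=<count> reused=<count> ems=<yes|no|unknown>".
summarize_s_client() {
    new=0
    reused=0
    ems=unknown
    while IFS= read -r line; do
        case "$line" in
            New,*)                            new=$((new + 1)) ;;
            Reused,*)                         reused=$((reused + 1)) ;;
            *"Extended master secret: yes"*)  ems=yes ;;
            *"Extended master secret: no"*)   ems=no ;;
        esac
    done
    printf 'new=%d reused=%d ems=%s\n' "$new" "$reused" "$ems"
}

# check_resumption HOST:PORT: run s_client -reconnect against a live server
# (needs network and openssl on PATH), print the summary and fail (return 1)
# if not a single handshake was resumed, i.e. the server's session cache or
# the client's resumption is not working.
check_resumption() {
    summary=$(openssl s_client -connect "$1" -reconnect </dev/null 2>/dev/null \
              | summarize_s_client)
    printf '%s\n' "$summary"
    case "$summary" in
        *"reused=0"*) return 1 ;;
    esac
    return 0
}

# Constructed sample (not a real capture): one full handshake, two resumptions,
# extension negotiated. A real run of -reconnect would show five "Reused" lines.
SAMPLE_OUTPUT='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Extended master secret: yes
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'

# summarize_sample: run the parser over the constructed sample (offline).
summarize_sample() {
    printf '%s\n' "$SAMPLE_OUTPUT" | summarize_s_client
}

# Usage against a real server: check_resumption localhost:8443
summarize_sample
```

If the summary shows reused=0 together with ems=no, the likely culprit is the extended_master_secret behaviour described in the remark rather than the Tomcat cache settings; rerun with an OpenSSL 1.1 client before touching jdk.tls.useExtendedMasterSecret.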