[ELY-1009] Default settings of SSL session caching for Elytron *-ssl-context are not safe #736

Merged
merged 1 commit into from Mar 23, 2017

ivassile
Contributor

@dmlloyd dmlloyd added the +1 DML label Mar 22, 2017
@@ -315,8 +313,8 @@ public SSLContextBuilder setWrap(final boolean wrap) {
final SSLContext sslContext = sslContextFactory.create();
SSLSessionContext sessionContext = clientMode ? sslContext.getClientSessionContext() : sslContext.getServerSessionContext();
if (sessionContext != null) {
sessionContext.setSessionCacheSize(sessionCacheSize);
sessionContext.setSessionTimeout(sessionTimeout);
if (sessionCacheSize > 0) sessionContext.setSessionCacheSize(sessionCacheSize);
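
Review bot: The `> 0` guard on the new `setSessionCacheSize` line silently drops an explicitly configured 0, which `SSLSessionContext.setSessionCacheSize` accepts and treats as "no limit". If 0 has to remain settable, track "never set" with a separate sentinel (for example a negative initial value) and test `sessionCacheSize >= 0`, so the call is skipped only when the builder field was left at its default. The replacement for the removed `setSessionTimeout` call is not visible in this hunk; it needs the same treatment, since 0 is also a valid timeout value meaning no limit. A short comment on the field documenting the sentinel would keep the intent clear.
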
Contributor

I think this needs to be >= 0 and ensure the default if never set is -1

Although we don't want the default to be '0' it is still a valid value that could be set.

@ivassile
Contributor Author

Submitted the requested changes.

@darranl darranl merged commit 030b1c9 into wildfly-security:master Mar 23, 2017
@darranl darranl added the +1 DAL label Mar 23, 2017