Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ELY-1009] Default settings of SSL session caching for Elytron *-ssl-context are not safe #736

Merged
merged 1 commit into from
Mar 23, 2017
Merged

[ELY-1009] Default settings of SSL session caching for Elytron *-ssl-context are not safe #736

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
10 changes: 4 additions & 6 deletions src/main/java/org/wildfly/security/ssl/SSLContextBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,6 @@
* @author <a href="mailto:david.lloyd@redhat.com">David M. Lloyd</a>
*/
public final class SSLContextBuilder {
private static final int DEFAULT_SESSION_CACHE_SIZE = 0;
private static final int DEFAULT_SESSION_TIMEOUT = 0;

private SecurityDomain securityDomain;
private CipherSuiteSelector cipherSuiteSelector = CipherSuiteSelector.openSslDefault();
Expand Down Expand Up @@ -302,8 +300,8 @@ public SecurityFactory<SSLContext> build() {
final Supplier<Provider[]> providerSupplier = this.providerSupplier;
final boolean clientMode = this.clientMode;
final boolean authenticationOptional = this.authenticationOptional;
final int sessionCacheSize = (this.sessionCacheSize < 0) ? DEFAULT_SESSION_CACHE_SIZE : this.sessionCacheSize;
final int sessionTimeout = (this.sessionTimeout < 0) ? DEFAULT_SESSION_TIMEOUT : this.sessionTimeout;
final int sessionCacheSize = this.sessionCacheSize;
final int sessionTimeout = this.sessionTimeout;
final boolean wantClientAuth = this.wantClientAuth;
final boolean needClientAuth = this.needClientAuth;
final boolean useCipherSuitesOrder = this.useCipherSuitesOrder;
Expand All @@ -315,8 +313,8 @@ public SecurityFactory<SSLContext> build() {
final SSLContext sslContext = sslContextFactory.create();
SSLSessionContext sessionContext = clientMode ? sslContext.getClientSessionContext() : sslContext.getServerSessionContext();
if (sessionContext != null) {
sessionContext.setSessionCacheSize(sessionCacheSize);
sessionContext.setSessionTimeout(sessionTimeout);
if (sessionCacheSize >= 0) sessionContext.setSessionCacheSize(sessionCacheSize);
if (sessionTimeout >= 0) sessionContext.setSessionTimeout(sessionTimeout);
}
final X509KeyManager x509KeyManager = keyManagerSecurityFactory == null ? null : keyManagerSecurityFactory.create();
final X509TrustManager x509TrustManager = trustManagerSecurityFactory.create();
Expand Down