Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9481

Default settings of SSL session caching for Elytron *-ssl-context are not safe

XMLWordPrintable

      The default values of maximum-session-cache-size and session-timeout of Elytron *-ssl-context are 0. This is not safe because SSL sessions can be stored indefinitely. Furthermore, such default settings overwrites default settings in Java, which can be unexpected.

      There should be reasonable combination of values, or Java default values should be (let) used.

      For example, see http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/security/ssl/SSLSessionContextImpl.java

              rhn-support-ivassile Ilia Vassilev
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: