mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wolter Eldering <wol...@eldering.net>
Subject SSLFilter and SSL session reuse
Date Fri, 08 Dec 2006 21:23:09 GMT

I noticed that the SSLFilter will create a new SSL session for every  
new connection.

As far as I can see this is caused by the way the SSLEngine is  
created in the SSLHandler class.

114 : 	  	  	 sslEngine = ctx.createSSLEngine();

There are two factory methods available to creating a SSLEngine.

The javadoc for createSSLEngine() is not very clear:
	"Applications using this factory method are providing no hints for  
an internal session reuse strategy. If hints are desired,  
createSSLEngine(String, int) should be used instead."
Apparently this means: an SSLEngine created with this factory method  
will not be able to reuse sessions.

To test the difference between the two factory methods I have made a  
test version of the SSLFilter where a hint can be stored in the session:

	InetSocketAddress hint = (InetSocketAddress) session.getAttribute 
	if (hint == null) {
		sslEngine = ctx.createSSLEngine();
	} else {
		sslEngine = ctx.createSSLEngine(hint.getHostName(), hint.getPort());

With both the javax.net.debug options and Ethereal I was able to  
verify that sessions where reused only when I set the hint.

Does anybody if and how SSL sessions can be reused when using  

Wolter Eldering

View raw message