Summary: | jni.SSL.getSessionId returns null | ||
---|---|---|---|
Product: | Tomcat Native | Reporter: | Remy Maucherat <remm> |
Component: | Library | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 1.2.23 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Remy Maucherat
2020-06-04 12:19:38 UTC
The root cause of this behaviour is that the session caching is hard-coded to disabled in sslcontext.c. That is a different default to OpenSSL. Some svn archaeology is called for to figure out why this was chosen as the default. As a minimum, we need to expose the session cache mode and session cache size to the TLS connector. That is mostly going to be Tomcat code but I'll track it here for now.

Turns out setting the session cache size was exposed and setting that automatically sets the mode correctly. The session ID is now available to the rewrite valve. I still want to check on why the tomcat-native default is to disable this.

It was part of the big patch from netty ~5 years ago. It isn't mentioned explicitly so I am guessing session caching was disabled by default because it isn't needed when RFC 5077 session tickets are available.