8127 TLS default config values

helidon-io · Jan 8, 2024 · fd0c065 · fd0c065
1 parent db10837
commit fd0c065
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java b/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -50,7 +50,6 @@ public class ConfiguredTlsManager implements TlsManager {
     // secure random cannot be stored in native image, it must
     // be initialized at runtime
     private static final LazyValue<SecureRandom> RANDOM = LazyValue.create(SecureRandom::new);
-
     private final String name;
     private final String type;
 
@@ -163,7 +162,11 @@ protected void initSslContext(TlsConfig tlsConfig,
 
             SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
             if (serverSessionContext != null) {
-                serverSessionContext.setSessionCacheSize(tlsConfig.sessionCacheSize());
+                if (tlsConfig.sessionCacheSize() != TlsConfig.DEFAULT_SESSION_CACHE_SIZE) {
+                    // To allow javax.net.ssl.sessionCacheSize system property usage
+                    // see javax.net.ssl.SSLSessionContext.getSessionCacheSize doc
+                    serverSessionContext.setSessionCacheSize(tlsConfig.sessionCacheSize());
+                }
                 // seconds
                 serverSessionContext.setSessionTimeout((int) tlsConfig.sessionTimeout().toSeconds());
             }

diff --git a/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java b/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,6 +40,14 @@ interface TlsConfigBlueprint extends Prototype.Factory<Tls> {
      * The default protocol is set to {@value}.
      */
     String DEFAULT_PROTOCOL = "TLS";
+    /**
+     * The default session cache size as defined for unset value in {@link javax.net.ssl.SSLSessionContext#getSessionCacheSize()}.
+     */
+    int DEFAULT_SESSION_CACHE_SIZE = 20480;
+    /**
+     * The default session timeout as defined for unset value in {@link javax.net.ssl.SSLSessionContext#getSessionTimeout()}.
+     */
+    String DEFAULT_SESSION_TIMEOUT = "PT24H";
 
     @Prototype.FactoryMethod
     static Optional<PrivateKey> createPrivateKey(Keys config) {
@@ -248,17 +256,17 @@ static List<X509Certificate> createTrust(Keys config) {
     /**
      * SSL session cache size.
      *
-     * @return session cache size, defaults to 1024
+     * @return session cache size, defaults to {@value DEFAULT_SESSION_CACHE_SIZE}.
      */
-    @ConfiguredOption("1024")
+    @Option.DefaultInt(DEFAULT_SESSION_CACHE_SIZE)
     int sessionCacheSize();
 
     /**
      * SSL session timeout.
      *
-     * @return session timeout, defaults to 30 minutes
+     * @return session timeout, defaults to {@value DEFAULT_SESSION_TIMEOUT}.
      */
-    @ConfiguredOption("PT30M")
+    @Option.Default(DEFAULT_SESSION_TIMEOUT)
     Duration sessionTimeout();
 
     /**