4.x: TLS default config values #8206

Merged
merged 2 commits into from
Jan 10, 2024

danielkec
Contributor

@danielkec danielkec commented Jan 8, 2024

Fixes #8127

Helidon 2, 3

In Helidon 2 and 3, the following logic was used for sessionCacheSize and sessionTimeoutSeconds:

private long sessionCacheSize; // def 0
private long sessionTimeoutSeconds; //def 0
...
int sessionCacheSize = tlsConfig.sessionCacheSize();
if (sessionCacheSize > 0) {
  serverSessionContext.setSessionCacheSize(sessionCacheSize);
}
int sessionTimeoutSecs = tlsConfig.sessionTimeoutSeconds();
if (sessionTimeoutSecs > 0) {
  serverSessionContext.setSessionTimeout(sessionTimeoutSecs);
}

Resulting in the actual defaults being the unset defaults of SSLSessionContext:

  • void setSessionTimeout(int seconds); ----> 86400
    seconds – the new session timeout limit in seconds; zero means there is no limit.
    The JDK implementation returns the session timeout as set by the setSessionTimeout method, or if not set, a default value of 86400 seconds (24 hours).

  • void setSessionCacheSize(int size); ----> 20480
    size – the new session cache size limit; zero means there is no limit.
    The JDK implementation returns the cache size as set by the setSessionCacheSize method, or if not set, the value of the javax.net.ssl.sessionCacheSize system property. If neither is set, it returns a default value of 20480.

Helidon 4

In Helidon 4 we are currently using:

@ConfiguredOption("1024")
int sessionCacheSize();
@ConfiguredOption("PT30M")
Duration sessionTimeout();
...
SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (serverSessionContext != null) {
  serverSessionContext.setSessionCacheSize(tlsConfig.sessionCacheSize());
  serverSessionContext.setSessionTimeout((int) tlsConfig.sessionTimeout().toSeconds());
}

This PR aligns the defaults with previous versions of Helidon.
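
Added example, not part of the comment above and not Helidon code: a small Java program that applies the two setter patterns from the description to a plain JDK SSLSessionContext and prints the resulting effective values, including the case where zero is passed unconditionally (which the quoted Javadoc defines as "no limit"). The class and method names are hypothetical; 1024 and PT30M are the Helidon 4 values quoted in the description.

```java
import java.time.Duration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;

public class TlsSessionDefaults { // hypothetical name, for illustration only
    // Helidon 2/3 pattern from the description: only positive values override the JDK.
    static void applyIfPositive(SSLSessionContext ctx, int cacheSize, int timeoutSeconds) {
        if (cacheSize > 0) {
            ctx.setSessionCacheSize(cacheSize);
        }
        if (timeoutSeconds > 0) {
            ctx.setSessionTimeout(timeoutSeconds);
        }
    }

    // Helidon 4 pattern from the description: configured values are always applied.
    static void applyAlways(SSLSessionContext ctx, int cacheSize, Duration timeout) {
        ctx.setSessionCacheSize(cacheSize);
        ctx.setSessionTimeout(Math.toIntExact(timeout.toSeconds()));
    }

    // A fresh SSLContext per scenario so settings do not carry over between them.
    static SSLSessionContext freshServerSessionContext() throws Exception {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, null, null); // default managers; enough to inspect session settings
        SSLSessionContext ctx = sslContext.getServerSessionContext();
        if (ctx == null) { // same null check as the Helidon 4 snippet
            throw new IllegalStateException("no server session context available");
        }
        return ctx;
    }

    static String describe(String label, SSLSessionContext ctx) {
        return label + ": cacheSize=" + ctx.getSessionCacheSize()
                + ", timeoutSeconds=" + ctx.getSessionTimeout();
    }

    public static void main(String[] args) throws Exception {
        SSLSessionContext guarded = freshServerSessionContext();
        applyIfPositive(guarded, 0, 0); // unset (0) config leaves the JDK defaults in place
        System.out.println(describe("guarded, config unset", guarded));
        SSLSessionContext always = freshServerSessionContext();
        applyAlways(always, 1024, Duration.ofMinutes(30)); // Helidon 4 defaults quoted above
        System.out.println(describe("unconditional, 1024/PT30M", always));
        SSLSessionContext zero = freshServerSessionContext();
        applyAlways(zero, 0, Duration.ZERO); // zero means "no limit" for both setters
        System.out.println(describe("unconditional, zero", zero));
    }
}
```

The third scenario is the one to watch when reviewing TLS configuration: with the unconditional pattern, a configured zero removes the cache size and timeout limits instead of falling back to the JDK defaults.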

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jan 8, 2024
@danielkec danielkec force-pushed the 8127-tls-cfg-defaults branch from f43ddb2 to 1144903 Compare January 8, 2024 09:38
@danielkec danielkec force-pushed the 8127-tls-cfg-defaults branch from 1144903 to fd0c065 Compare January 8, 2024 09:51
@danielkec danielkec changed the title 8127 TLS default config values 4.x: TLS default config values Jan 8, 2024
@danielkec danielkec requested a review from tomas-langer January 9, 2024 15:25
@danielkec danielkec merged commit bbf3cee into helidon-io:main Jan 10, 2024
12 checks passed
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4.x: Check TLS session timeout
2 participants