From fd0c065816e9bfdc498c84e37c5af48d37a2e2f9 Mon Sep 17 00:00:00 2001 From: Daniel Kec Date: Mon, 8 Jan 2024 10:04:27 +0100 Subject: [PATCH 1/2] 8127 TLS default config values --- .../common/tls/ConfiguredTlsManager.java | 9 ++++++--- .../helidon/common/tls/TlsConfigBlueprint.java | 18 +++++++++++++----- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java b/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java index cbe75e8444e..ac479e9369e 100644 --- a/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java +++ b/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Oracle and/or its affiliates. + * Copyright (c) 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -50,7 +50,6 @@ public class ConfiguredTlsManager implements TlsManager { // secure random cannot be stored in native image, it must // be initialized at runtime private static final LazyValue RANDOM = LazyValue.create(SecureRandom::new); - private final String name; private final String type; @@ -163,7 +162,11 @@ protected void initSslContext(TlsConfig tlsConfig, SSLSessionContext serverSessionContext = sslContext.getServerSessionContext(); if (serverSessionContext != null) { - serverSessionContext.setSessionCacheSize(tlsConfig.sessionCacheSize()); + if (tlsConfig.sessionCacheSize() != TlsConfig.DEFAULT_SESSION_CACHE_SIZE) { + // To allow javax.net.ssl.sessionCacheSize system property usage + // see javax.net.ssl.SSLSessionContext.getSessionCacheSize doc + serverSessionContext.setSessionCacheSize(tlsConfig.sessionCacheSize()); + } // seconds serverSessionContext.setSessionTimeout((int) tlsConfig.sessionTimeout().toSeconds()); } 
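Review bot: The new guard in initSslContext treats any configured `session-cache-size` equal to `TlsConfig.DEFAULT_SESSION_CACHE_SIZE` (20480) as "not configured", so an operator who explicitly sets 20480 silently gets the `javax.net.ssl.sessionCacheSize` system-property value instead. If the generated `TlsConfig` cannot distinguish unset from default (the `@Option.DefaultInt` in the same patch suggests it cannot), that trade-off should at least be stated in the comment, e.g. `// Skipped when equal to the default so javax.net.ssl.sessionCacheSize can take effect; an explicit value equal to the default is therefore indistinguishable from unset`. Note also that a configured 0 means an unbounded server session cache per the SSLSessionContext javadoc the comment cites, which is a memory-exhaustion vector under a handshake flood and worth rejecting or documenting alongside the new default. The context line casting `sessionTimeout().toSeconds()` to int is pre-existing, but a sub-second Duration truncates to 0, which SSLSessionContext likewise reads as "no timeout limit". initSslContext's signature and the rest of its body lie outside the hunk.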
diff --git a/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java b/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java index efbe3d8de8e..b2a007d1530 100644 --- a/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java +++ b/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Oracle and/or its affiliates. + * Copyright (c) 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,6 +40,14 @@ interface TlsConfigBlueprint extends Prototype.Factory { * The default protocol is set to {@value}. */ String DEFAULT_PROTOCOL = "TLS"; + /** + * The default session cache size as defined for unset value in {@link javax.net.ssl.SSLSessionContext#getSessionCacheSize()}. + */ + int DEFAULT_SESSION_CACHE_SIZE = 20480; + /** + * The default session timeout as defined for unset value in {@link javax.net.ssl.SSLSessionContext#getSessionTimeout()}. + */ + String DEFAULT_SESSION_TIMEOUT = "PT24H"; @Prototype.FactoryMethod static Optional createPrivateKey(Keys config) { @@ -248,17 +256,17 @@ static List createTrust(Keys config) { /** * SSL session cache size. * - * @return session cache size, defaults to 1024 + * @return session cache size, defaults to {@value DEFAULT_SESSION_CACHE_SIZE}. */ - @ConfiguredOption("1024") + @Option.DefaultInt(DEFAULT_SESSION_CACHE_SIZE) int sessionCacheSize(); /** * SSL session timeout. * - * @return session timeout, defaults to 30 minutes + * @return session timeout, defaults to {@value DEFAULT_SESSION_TIMEOUT}. */ - @ConfiguredOption("PT30M") + @Option.Default(DEFAULT_SESSION_TIMEOUT) Duration sessionTimeout(); /** From d9967915e44920d0da9c8c96386e5d3015c941ba Mon Sep 17 00:00:00 2001 
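Review bot: The Javadoc on the two new constants, "as defined for unset value in …", does not tell a reader what these numbers are or why they were chosen; I would write `The default session cache size (20480 sessions), aligned with the JDK's own default for SSLSessionContext#getSessionCacheSize() when the javax.net.ssl.sessionCacheSize system property is not set.` and, for the timeout, `The default session timeout (24 hours), aligned with the JDK's own default for SSLSessionContext#getSessionTimeout().` Since `DEFAULT_SESSION_CACHE_SIZE` is also used in ConfiguredTlsManager (elsewhere in this patch) as a sentinel for "not configured", its Javadoc should say so, otherwise a future change to the number quietly changes which user values are honoured. The JDK-default claim comes from the JDK documentation rather than from anything visible here, so please confirm it against the targeted JDK releases, as older JDKs appear to have used 0 (unbounded) for the cache size.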
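Review bot: Raising the default `sessionTimeout` from 30 minutes to 24 hours (`@Option.Default(DEFAULT_SESSION_TIMEOUT)`) extends how long the server keeps resumable session state in memory by 48x, and for TLS 1.2-style resumption that state includes the master secret, so a compromised server process would expose a much larger window of past sessions than before; matching the JDK default is a defensible choice, but it is a weakening of the previous posture and the commit message does not mention it. I would add to the method Javadoc: `Longer timeouts reduce full handshakes but keep resumable session secrets in memory longer; lower this where forward secrecy across a process compromise matters.` Also, both underlying setters accept 0 as "no limit" per SSLSessionContext, so the Javadoc for `sessionCacheSize` and `sessionTimeout` should state that 0 removes the cap rather than disabling the cache, which is the opposite of what many operators expect. This hunk is within interface TlsConfigBlueprint, whose body continues outside the hunk.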
From: Daniel Kec Date: Tue, 9 Jan 2024 16:23:48 +0100 Subject: [PATCH 2/2] Copyright fix --- .../main/java/io/helidon/common/tls/ConfiguredTlsManager.java | 2 +- .../src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java b/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java index ac479e9369e..5716515e5cd 100644 --- a/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java +++ b/common/tls/src/main/java/io/helidon/common/tls/ConfiguredTlsManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Oracle and/or its affiliates. + * Copyright (c) 2023, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java b/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java index b2a007d1530..6082b454669 100644 --- a/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java +++ b/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Oracle and/or its affiliates. + * Copyright (c) 2023, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.