Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disabling client SSL session caching breaks SNI #7551

Closed
elipsion opened this issue Feb 8, 2022 · 5 comments
Closed

Disabling client SSL session caching breaks SNI #7551

elipsion opened this issue Feb 8, 2022 · 5 comments
Labels
Bug For general bugs on Jetty side

Comments

@elipsion
Copy link

elipsion commented Feb 8, 2022
edited
Loading

Jetty version(s)
11.0.7

Java version/vendor
AdoptOpenJDK 11.0.11.9-hotspot

OS type/version
Windows 11 21H2

Description
Disabling session caching in SslContextFactory has the unexpected side-effect of also disabling SNI.
It affects a decision when creating an SSLEngine which seeps down into the innards of Java SSL implementations

How to reproduce?
Create two Jetty HttpClients, one having a SslContextFactory with Session Caching disabled.
Run java with -Djavax.net.debug=all and look for this error
@elipsion elipsion added the Bug For general bugs on Jetty side label Feb 8, 2022
@github-actions
Copy link

github-actions bot commented Feb 9, 2023

This issue has been automatically marked as stale because it has been a
full year without activity. It will be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the Stale For auto-closed stale issues and pull requests label Feb 9, 2023
@elipsion
Copy link
Author

elipsion commented Feb 9, 2023

Uh, bump?

@sbordet sbordet removed the Stale For auto-closed stale issues and pull requests label Feb 9, 2023
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has been a
full year without activity. It will be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the Stale For auto-closed stale issues and pull requests label Feb 10, 2024
@sbordet sbordet removed the Stale For auto-closed stale issues and pull requests label Feb 10, 2024
@sbordet
Copy link
Contributor

sbordet commented Feb 10, 2024

@elipsion sorry for the delay looking into this.

Disabling session caching via SslContextFactory does not have any effect on the underlying SSLContext, it is just really to pick whether to call SSLContext.createSSLEngine() or SSLContext.createSSLEngine(String, int).
It does not have any effect on the actual SSLContext session cache.

So if your goal is to disable SSLSession caching, calling SslContextFactory.setSessionCachingEnabled(false) is the wrong method.

However, note that disabling SSLSession caching is not possible, see #519.

Your only option is to invalidate the SSLSession on the server-side, each time, for example using a Connection.Listener (see https://eclipse.dev/jetty/documentation/jetty-12/programming-guide/index.html#pg-arch-io-connection-listener).

@sbordet
Copy link
Contributor

sbordet commented Feb 10, 2024

I'm closing this as it works as expected.
Please comment if you have further insights.

@sbordet sbordet closed this as completed Feb 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For general bugs on Jetty side
Projects
No open projects
Jetty 12.0.7 - FROZEN
Status: ✅ Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbordet @elipsion