New options for configuring SSLSession cache, close AsyncHttpClient#837

sslSessionCacheSize + sslSessionTimeout

Author: slandelle

src/main/java/com/ning/http/client/AsyncHttpClientConfig.java

@@ -78,6 +78,8 @@ public class AsyncHttpClientConfig {
     protected int ioThreadMultiplier;
     protected String[] enabledProtocols;
     protected String[] enabledCipherSuites;
+    protected Integer sslSessionCacheSize;
+    protected Integer sslSessionTimeout;
     protected AsyncHttpProviderConfig<?, ?> providerConfig;
 
     protected AsyncHttpClientConfig() {
@@ -113,6 +115,8 @@ private AsyncHttpClientConfig(int connectTimeout,//
             int ioThreadMultiplier, //
             String[] enabledProtocols,//
             String[] enabledCipherSuites,//
+            Integer sslSessionCacheSize,//
+            Integer sslSessionTimeout,//
             AsyncHttpProviderConfig<?, ?> providerConfig) {
 
         this.connectTimeout = connectTimeout;
@@ -145,6 +149,8 @@ private AsyncHttpClientConfig(int connectTimeout,//
         this.ioThreadMultiplier = ioThreadMultiplier;
         this.enabledProtocols = enabledProtocols;
         this.enabledCipherSuites = enabledCipherSuites;
+        this.sslSessionCacheSize = sslSessionCacheSize;
+        this.sslSessionTimeout = sslSessionCacheSize;
         this.providerConfig = providerConfig;
     }
 
@@ -452,6 +458,20 @@ public String[] getEnabledCipherSuites() {
         return enabledCipherSuites;
     }
 
+    /**
+     * since 1.9.13
+     */
+    public Integer getSslSessionCacheSize() {
+        return sslSessionCacheSize;
+    }
+
+    /**
+     * since 1.9.13
+     */
+    public Integer getSslSessionTimeout() {
+        return sslSessionTimeout;
+    }
+
     /**
      * Builder for an {@link AsyncHttpClient}
      */
@@ -488,6 +508,8 @@ public static class Builder {
         private int ioThreadMultiplier = defaultIoThreadMultiplier();
         private String[] enabledProtocols;
         private String[] enabledCipherSuites;
+        private Integer sslSessionCacheSize = defaultSslSessionCacheSize();
+        private Integer sslSessionTimeout = defaultSslSessionTimeout();
         private AsyncHttpProviderConfig<?, ?> providerConfig;
 
         public Builder() {
@@ -900,6 +922,16 @@ public Builder setEnabledCipherSuites(String[] enabledCipherSuites) {
             return this;
         }
 
+        public Builder setSslSessionCacheSize(Integer sslSessionCacheSize) {
+            this.sslSessionCacheSize = sslSessionCacheSize;
+            return this;
+        }
+        
+        public Builder setSslSessionTimeout(Integer sslSessionTimeout) {
+            this.sslSessionTimeout = sslSessionTimeout;
+            return this;
+        }
+        
         /**
          * Create a config builder with values taken from the given prototype configuration.
          *
@@ -940,6 +972,8 @@ public Builder(AsyncHttpClientConfig prototype) {
             strict302Handling = prototype.isStrict302Handling();
             enabledProtocols = prototype.enabledProtocols;
             enabledCipherSuites = prototype.enabledCipherSuites;
+            sslSessionCacheSize = prototype.sslSessionCacheSize;
+            sslSessionTimeout = prototype.sslSessionTimeout;
             acceptAnyCertificate = prototype.acceptAnyCertificate;
         }
 
@@ -1001,6 +1035,8 @@ public Thread newThread(Runnable r) {
                     ioThreadMultiplier, //
                     enabledProtocols, //
                     enabledCipherSuites, //
+                    sslSessionCacheSize, //
+                    sslSessionTimeout, //
                     providerConfig);
         }
     }

src/main/java/com/ning/http/client/AsyncHttpClientConfigDefaults.java

@@ -108,4 +108,12 @@ public static boolean defaultDisableUrlEncodingForBoundRequests() {
     public static boolean defaultAcceptAnyCertificate() {
         return getBoolean(ASYNC_CLIENT + "acceptAnyCertificate", false);
     }
+    
+    public static Integer defaultSslSessionCacheSize() {
+        return Integer.getInteger(ASYNC_CLIENT + "sslSessionCacheSize");
+    }
+
+    public static Integer defaultSslSessionTimeout() {
+        return Integer.getInteger(ASYNC_CLIENT + "sslSessionTimeout");
+    }
 }

src/main/java/com/ning/http/client/SSLEngineFactory.java

@@ -44,11 +44,8 @@ public DefaultSSLEngineFactory(AsyncHttpClientConfig config) {
 
         @Override
         public SSLEngine newSSLEngine(String peerHost, int peerPort) throws GeneralSecurityException {
-            SSLContext sslContext = config.getSSLContext();
-
-            if (sslContext == null)
-                sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate());
-
+            SSLContext sslContext = SslUtils.getInstance().getSSLContext(config);
+            
             SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort);
             if (!config.isAcceptAnyCertificate()) {
                 SSLParameters params = sslEngine.getSSLParameters();

src/main/java/com/ning/http/client/providers/jdk/JDKAsyncHttpProvider.java

@@ -68,7 +68,6 @@
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
-import java.security.NoSuchAlgorithmException;
 import java.util.Map;
 import java.util.concurrent.Callable;
 import java.util.concurrent.TimeoutException;
@@ -183,15 +182,11 @@ private HttpURLConnection createUrlConnection(Request request) throws IOExceptio
 
         if (request.getUri().getScheme().equals("https")) {
             HttpsURLConnection secure = (HttpsURLConnection) urlConnection;
-            SSLContext sslContext = config.getSSLContext();
-            if (sslContext == null) {
-                try {
-                    sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate());
-                } catch (NoSuchAlgorithmException e) {
-                    throw new IOException(e.getMessage());
-                } catch (GeneralSecurityException e) {
-                    throw new IOException(e.getMessage());
-                }
+            SSLContext sslContext;
+            try {
+                sslContext = SslUtils.getInstance().getSSLContext(config);
+            } catch (GeneralSecurityException e) {
+                throw new IOException(e.getMessage());
             }
             secure.setSSLSocketFactory(sslContext.getSocketFactory());
             secure.setHostnameVerifier(config.getHostnameVerifier());

src/main/java/com/ning/http/util/SslUtils.java

@@ -15,6 +15,8 @@
  */
 package com.ning.http.util;
 
+import com.ning.http.client.AsyncHttpClientConfig;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
@@ -61,7 +63,16 @@ public static SslUtils getInstance() {
         return SingletonHolder.instance;
     }
 
-    public SSLContext getSSLContext(boolean acceptAnyCertificate) throws GeneralSecurityException {
-        return acceptAnyCertificate ? looseTrustManagerSSLContext : SSLContext.getDefault();
+    public SSLContext getSSLContext(AsyncHttpClientConfig config) throws GeneralSecurityException {
+        SSLContext sslContext = config.getSSLContext();
+
+        if (sslContext != null) {
+            sslContext = config.isAcceptAnyCertificate() ? looseTrustManagerSSLContext : SSLContext.getDefault();
+            if (config.getSslSessionCacheSize() != null)
+                sslContext.getClientSessionContext().setSessionCacheSize(config.getSslSessionCacheSize());
+            if (config.getSslSessionTimeout() != null)
+                sslContext.getClientSessionContext().setSessionTimeout(config.getSslSessionTimeout());
+        }
+        return sslContext;
     }
 }