java client application session resumption
Question
I am making a number of calls from a java client application to a server using a TLS connection. To avoid the TLS handshake overhead, I would like to resume the session using a session ID, similar to what a web browser does. I am currently establishing each request using an HttpsURLConenction object.
How is this accomplished in Java? What API am I looking for?
2 answers
solution1
0 ACCPTED 2015-10-05 15:39:35
To solve this problem, I used Apache's HttpClient API rather than the HttpsURLConnection. I am now able to keep the SSL context and make multiple calls without the need to do the full handshake (eg client signing operation).
SSLContext sslcontext = SSLContext.getInstance("TLSv1.2"); sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(),null); sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()); ... //called multiple times CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
solution2
0 2016-05-25 03:50:04
Java already supports session resumption in toto . You don't have to do anything at either end.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.