Resume TLS connection in Java
Question
I'm working on Java TLS client and server witch will communicate frequently. I know that negotiating TLS connection is very resource and time consuming. I found one very interesting solution in GnuTLS . I'm interested is it possible to create Java TLS Client with resume capability - establish a new connection using the previously negotiated data.
Best wishes
2 answers
solution1
3 2012-09-07 13:05:16
As long as you use the same SSLSocketFactory to create the sockets, the JSSE implementation in Java will automatically resume an existing session, if the session is still valid.
You can verify this by invoking SSLSocket.getSession().getId() and check if two different sockets are using the same session.
solution2
1 2016-01-31 23:24:21
Actually, it is the sslcontext that you must keep, since it is the one containing the ssl session cache. SSLContext also has a SSLSessionContext getClientSessionContext(). This SSLSessionContext allows you to tune how many ssl session to keep and for how long.
Unfortunately, it is quite rare to have access to the SSLContext setup in 3rd parties They wrap it for you thinking they help you, or they do nothing asking you to provide an SSLServerSocketFactory classname (not even a pre-tuned instance of one).
In the case of client sockets, it is just has difficult. I usually have to prep a threadlocal socket factories anticipating that a socket will be opened a few dozen stackframes deeper.
The trick is to provide a classname of a lightweight socketfactory (client or server) that does nothing but lookup the threadlocal which contains the true factory you initialized the way you needed (with cache of ssl sessions, either as server or client).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.