JDK-8229148 : SSLSession.invalidate() does not invalidate stateless tickets
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
Stateless tickets are not invalidated when the SSLSession.invalidate() method is called. Since the server keeps no state, there is no state to invalidate. This may change in a future update or release to keep a small cache tickets