JDK-8190697 : Provide a API to disable SSL session resumption per Application
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,9
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2017-11-01
  • Updated: 2019-02-06
  • Resolved: 2019-02-06
Related Reports
Relates :  
JDK-8134497 - Add TLS support for RFC 5077 Session Ticket
Description
A DESCRIPTION OF THE REQUEST :
Currently SSL session resumption is opened by default. No way to disable it for whole application. Only can specify the cache size and cache timeout, but set 0 to cache size or cache time means no limit.  




JUSTIFICATION :
When using a library like MySQL connector JDBC, and your server is under load balance, then use SSL session resumption will cause some connections failed. Need provide a way to disable the SSL session resumption. 

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
When specify the cache timeout to -1, then the cache is disabled.
ACTUAL -
Can not disable SSL session cache.
Comments
JDK-8134497 should be able to address the concerns. Close it as "Won't fix".
06-02-2019
Session resumption is designed to save server load. I'm not sure disable session resumption could help for the case actually. I will have this request open, and think about if there are other options.
20-12-2017