JDK-8242399 : Release Note: Stateless Resumption Enabled by Default for JSSE Server
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 14
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2020-04-08
  • Updated: 2020-04-27
  • Resolved: 2020-04-09
JDK 14: 14 (Resolved)
Description
Server-side JSSE now operates in stateless mode by default. As described in RFC 5077[1] for TLS 1.2 and below, and RFC 8446[2] for TLS 1.3, the TLS server sends its internal session information, in the form of an encrypted session ticket, to a client that supports stateless resumption. The client presents that session ticket to the server during the TLS handshake to resume the session. This should improve the performance and memory usage of the TLS server under large workloads, as the session cache will seldom be used. Applications that depend on SSLSession to list cached sessions will not find that information in stateless mode.

If stateless resumption needs to be turned off, use the system property `jdk.tls.server.enableSessionTicketExtension`. Passing `-Djdk.tls.server.enableSessionTicketExtension=false` on the command line turns off stateless resumption and returns the JSSE server to using the session cache.
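
Added example (not part of the release note or the JDK source): a loopback handshake that prints what the server-side `SSLSessionContext` lists afterwards, so the default behaviour can be compared with a run under `-Djdk.tls.server.enableSessionTicketExtension=false`. The class name, key alias and password are made up, and the program assumes `keytool` is present under `java.home`.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.Collections;
// Added example, not JDK code. Class name, alias and password are made up.
public class StatelessCheck {
    public static void main(String[] args) throws Exception {
        // Throwaway self-signed key pair, created with the JDK's own keytool.
        Path p12 = Files.createTempFile("stateless-demo", ".p12");
        Files.delete(p12); // keytool has to create the file itself
        String keytool = Path.of(System.getProperty("java.home"), "bin", "keytool").toString();
        int rc = new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo", "-keyalg", "RSA",
                "-dname", "CN=localhost", "-storetype", "PKCS12", "-keystore", p12.toString(),
                "-storepass", "changeit").inheritIO().start().waitFor();
        if (rc != 0) throw new IllegalStateException("keytool exited with " + rc);
        char[] pw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) { ks.load(in, pw); }
        Files.delete(p12);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // the client trusts only the demo certificate
        SSLContext serverCtx = SSLContext.getInstance("TLS");
        serverCtx.init(kmf.getKeyManagers(), null, null);
        SSLContext clientCtx = SSLContext.getInstance("TLS");
        clientCtx.init(null, tmf.getTrustManagers(), null);
        // One full handshake over loopback, with a one-byte echo.
        try (SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            Thread server = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) listener.accept()) {
                    s.getOutputStream().write(s.getInputStream().read());
                } catch (Exception e) { e.printStackTrace(); }
            });
            server.start();
            try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", listener.getLocalPort())) {
                c.getOutputStream().write(1);
                c.getInputStream().read();
            }
            server.join();
        }
        // What an application enumerating the server-side cache would see.
        int listed = Collections.list(serverCtx.getServerSessionContext().getIds()).size();
        System.out.println("jdk.tls.server.enableSessionTicketExtension = "
                + System.getProperty("jdk.tls.server.enableSessionTicketExtension", "(default)"));
        System.out.println("sessions listed by the server SSLSessionContext: " + listed);
    }
}
```

Run it as `java StatelessCheck.java` and again as `java -Djdk.tls.server.enableSessionTicketExtension=false StatelessCheck.java`, then compare the two listed-session counts.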


[1]: https://tools.ietf.org/html/rfc5077
[2]: https://tools.ietf.org/html/rfc8446