Ilia Vassilev moved JBEAP-9633 to ELY-1009:
-------------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1009 (was: JBEAP-9633)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: SSL (was: Security)
Affects Version/s: 1.1.0.Beta29 (was: 7.1.0.DR13)
Default settings of SSL session caching for Elytron *-ssl-context are not safe
------------------------------------------------------------------------------
Key: ELY-1009
URL: https://issues.jboss.org/browse/ELY-1009
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.1.0.Beta29
Reporter: Ilia Vassilev
Assignee: Ilia Vassilev
Priority: Critical
Labels: default, management-model, ssl, tls
The default values of {{maximum-session-cache-size}} and {{session-timeout}} of Elytron
{{*-ssl-context}} are {{0}}. This is not safe because SSL sessions can be stored
indefinitely. Furthermore, such default settings overwrite the default settings in Java,
which can be unexpected.
There should be a reasonable combination of values, or the Java default values should be
used.
For example, see
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u...
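To make the meaning of {{0}} concrete, the following small Java program is an added example (not code from this issue or from the Elytron project). It exercises the JDK API javax.net.ssl.SSLSessionContext, where the JDK documents that setSessionCacheSize(0) and setSessionTimeout(0) both mean "no limit"; the issue states that the Elytron attributes override the Java defaults, and the mapping of those attributes onto SSLSessionContext is assumed here. The constants EXAMPLE_MAX_ENTRIES and EXAMPLE_TIMEOUT_SECONDS are arbitrary values chosen for the example, not recommended defaults.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

public class SessionCacheDefaults {

    // Constructed example values (assumptions, neither Elytron's nor the JDK's defaults):
    // cap the cache at 1024 entries and expire sessions after one hour.
    static final int EXAMPLE_MAX_ENTRIES = 1024;
    static final int EXAMPLE_TIMEOUT_SECONDS = 3600;

    /** True when either limit is 0, which the JDK documents as "no limit". */
    static boolean isUnbounded(SSLSessionContext sc) {
        return sc.getSessionCacheSize() == 0 || sc.getSessionTimeout() == 0;
    }

    /** Apply the same bounded limits to both the server-side and client-side caches. */
    static void applyBoundedLimits(SSLContext ctx, int maxEntries, int timeoutSeconds) {
        if (maxEntries <= 0 || timeoutSeconds <= 0) {
            throw new IllegalArgumentException("limits must be positive; 0 means unlimited");
        }
        SSLSessionContext[] caches = {ctx.getServerSessionContext(), ctx.getClientSessionContext()};
        for (SSLSessionContext sc : caches) {
            sc.setSessionCacheSize(maxEntries);
            sc.setSessionTimeout(timeoutSeconds);
        }
    }

    static String describe(String name, SSLSessionContext sc) {
        return String.format("%s: cacheSize=%d timeout=%ds unbounded=%b",
                name, sc.getSessionCacheSize(), sc.getSessionTimeout(), isUnbounded(sc));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers; enough to inspect the caches

        SSLSessionContext server = ctx.getServerSessionContext();
        SSLSessionContext client = ctx.getClientSessionContext();

        // 1. Whatever this JDK runtime chose as its own defaults.
        System.out.println("JDK defaults");
        System.out.println("  " + describe("server", server));
        System.out.println("  " + describe("client", client));

        // 2. What the reported Elytron defaults (0 / 0) mean once applied:
        //    no entry cap and no expiry, so sessions stay cached indefinitely.
        server.setSessionCacheSize(0);
        server.setSessionTimeout(0);
        System.out.println("After 0/0 (the reported Elytron defaults)");
        System.out.println("  " + describe("server", server));

        // 3. Bounded values, as the issue asks for.
        applyBoundedLimits(ctx, EXAMPLE_MAX_ENTRIES, EXAMPLE_TIMEOUT_SECONDS);
        System.out.println("After bounded limits");
        System.out.println("  " + describe("server", server));
        System.out.println("  " + describe("client", client));
    }
}
```

Running it with a given JDK prints that runtime's own defaults first, so the first block of output is the baseline that an explicit {{0}}/{{0}} configuration silently replaces; the {{isUnbounded}} check is the kind of test a management-model validation could apply before accepting the attribute values.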