[jbossws-issues] [JBoss JIRA] Commented: (JBWS-3202) JBossWS does not reuse SSL sessions
[
https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin....
]
Richard Opalka commented on JBWS-3202:
--------------------------------------
JBoss WS (series 3.1.2x and before) transport delegates to JBoss Remoting
and remoting uses URL facade for SSL communications.
In order to reuse created SSL connections we would
need access to JBoss Remoting created URLConnection objects.
Unfortunately because of JBoss Remoting API design
we don't have access to URLConnection objects
that are created internally and thus we cannot reuse SSL sessions.
In Java SSL session is created (in HttpsUrlConnectionImpl)
when user is calling conn.getOutputStream().
If there's cached SSL session/connection it's reused.
But Remoting is always creating new URL connection on each invocation request.
This causes SSL handshakes on every request :(
JBossWS does not reuse SSL sessions
-----------------------------------
Key: JBWS-3202
URL: https://issues.jboss.org/browse/JBWS-3202
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.1.2
Environment: JBoss Enterprise Application Platform 5.x
JBossWS 3.1.2
Reporter: Mustafa Musaji
Assignee: Richard Opalka
Attachments: example.zip
When creating a web service client and sending multiple requests over SSL to JBoss EAP
the client doesn't reuse the already established connection and instead a SSL
handshake takes place on every request.
SSL session id is shown in ssl debug log but this is different on every request. Using
Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id
being reused on every subsequent request being made.
JBossWS should reuse the already established connection and not do the expensive SSL
handshake on every request.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira