[jbossws-issues] [JBoss JIRA] Commented: (JBWS-3202) JBossWS does not reuse SSL sessions

Richard Opalka (JIRA) jira-events at lists.jboss.org
Tue Jan 25 04:40:51 EST 2011


    [ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12577694#comment-12577694 ] 

Richard Opalka commented on JBWS-3202:
--------------------------------------

JBoss WS (series 3.1.2x and before) transport delegates to JBoss Remoting,
and Remoting uses the URL facade for SSL communications.
In order to reuse created SSL connections, we would
need access to the URLConnection objects created by JBoss Remoting.
Unfortunately, because of the JBoss Remoting API design,
we don't have access to the URLConnection objects
that are created internally, and thus we cannot reuse SSL sessions.

In Java, the SSL session is created (in HttpsUrlConnectionImpl)
when the user calls conn.getOutputStream().
If there's a cached SSL session/connection, it's reused.
But Remoting always creates a new URL connection on each invocation request.
This causes SSL handshakes on every request :(

> JBossWS does not reuse SSL sessions
> -----------------------------------
>
>                 Key: JBWS-3202
>                 URL: https://issues.jboss.org/browse/JBWS-3202
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: jbossws-native
>    Affects Versions:  jbossws-native-3.1.2
>         Environment: JBoss Enterprise Application Platform 5.x
> JBossWS 3.1.2
>            Reporter: Mustafa Musaji
>            Assignee: Richard Opalka
>         Attachments: example.zip
>
>
> When creating a web service client and sending multiple requests over SSL to JBoss EAP, the client doesn't reuse the already established connection and instead an SSL handshake takes place on every request.
> The SSL session id is shown in the SSL debug log, but it is different on every request. Using the Sun JAXWS libraries (remove endorsed libraries), you can see the SSL connection session id being reused on every subsequent request being made.
> JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
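
Added example, not part of the original message or of JBossWS: a small checker for the symptom the report describes, a session id that differs on every request in the SSL debug log. It assumes log lines shaped like JSSE `-Djavax.net.debug=ssl` output for TLS 1.2 and earlier (a `*** ClientHello` or `*** ServerHello` line followed by a `Session ID:` line); the sample log is constructed and its ids are shortened.

```python
import re

# Constructed sample; the layout is an assumption modelled on JSSE debug
# output. Real session ids are longer than the four bytes used here.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
Session ID:  {}
*** ServerHello, TLSv1
Session ID:  {77, 62, 151, 9}
*** ClientHello, TLSv1
Session ID:  {}
*** ServerHello, TLSv1
Session ID:  {77, 62, 151, 44}
*** ClientHello, TLSv1
Session ID:  {77, 62, 151, 44}
*** ServerHello, TLSv1
Session ID:  {77, 62, 151, 44}
"""

HELLO = re.compile(r"^\*\*\* (Client|Server)Hello\b")
SESSION = re.compile(r"^Session ID:\s*\{([^}]*)\}")


def parse_hellos(log_text):
    """Return [(role, session_id_tuple), ...] in log order."""
    hellos, role = [], None
    for line in map(str.strip, log_text.splitlines()):
        m = HELLO.match(line)
        if m:
            role = m.group(1)
            continue
        m = SESSION.match(line)
        if m and role:
            ids = tuple(int(b) for b in m.group(1).split(",") if b.strip())
            hellos.append((role, ids))
            role = None
    return hellos


def classify_handshakes(log_text):
    """Pair each ClientHello with the next ServerHello. A handshake counts as
    'resumed' only if the client offered a non-empty id and the server echoed it."""
    results, offered = [], None
    for role, sid in parse_hellos(log_text):
        if role == "Client":
            offered = sid
        elif offered is not None:
            results.append("resumed" if offered and offered == sid else "full")
            offered = None
    return results
```

On the constructed sample, `classify_handshakes(SAMPLE_LOG)` returns `["full", "full", "resumed"]`; a client with the behaviour described in this issue would show only `"full"` entries.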

        

