From 9c342637cccd02bc9fbed92caf65aaa35228d8ff Mon Sep 17 00:00:00 2001
From: Simone Bordet
Date: Wed, 18 Sep 2024 18:58:54 +0200
Subject: [PATCH] Fixed #12284 - Excessive heap consumption by SSLSessionImpl by Jetty Server with TLS 1.3 and long-lived client. Now `SslSessionData` is stored as a field, rather than in the `SSLSession` as an attribute. This implies a little more cost to create the `SslSessionData` per connection rather than per `SSLSession`, but it should be negligible. Now `SslSessionData` cannot be retrieved as a `SSLSession` attribute, but we have explicit APIs to retrieve it, so it should not be a problem.
Signed-off-by: Simone Bordet
---
 .../java/org/eclipse/jetty/io/EndPoint.java | 4 +-
 .../eclipse/jetty/io/ssl/SslConnection.java | 45 ++++++++++---------
 2 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/EndPoint.java b/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/EndPoint.java
index 06b056a9ad6..c0bf0330e35 100644
--- a/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/EndPoint.java
+++ b/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/EndPoint.java
@@ -386,8 +386,8 @@ public interface EndPoint extends Closeable
 interface SslSessionData
 {
 /**
- * The name at which an {@code SslSessionData} instance may be found as a request
- * {@link org.eclipse.jetty.util.Attributes Attribute} or from {@link SSLSession#getValue(String)}.
+ * The name at which an {@code SslSessionData} instance may be found
+ * as a request {@link org.eclipse.jetty.util.Attributes attribute}.
 */
 String ATTRIBUTE = "org.eclipse.jetty.io.Endpoint.SslSessionData";
diff --git a/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index 39f74d7dde1..5645084508b 100644
--- a/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -506,6 +506,7 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
 private final Callback _incompleteWriteCallback = new IncompleteWriteCallback();
 private Throwable _failure;
+ private SslSessionData _sslSessionData;
 public SslEndPoint()
 {
@@ -1571,6 +1572,28 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
 }
 }
+ @Override
+ public SslSessionData getSslSessionData()
+ {
+ SSLSession sslSession = _sslEngine.getSession();
+ SslSessionData sslSessionData = _sslSessionData;
+ if (sslSessionData == null)
+ {
+ String cipherSuite = sslSession.getCipherSuite();
+
+ X509Certificate[] peerCertificates = _sslContextFactory != null
+ ? _sslContextFactory.getX509CertChain(sslSession)
+ : SslContextFactory.getCertChain(sslSession);
+
+ byte[] bytes = sslSession.getId();
+ String idStr = StringUtil.toHexString(bytes);
+
+ sslSessionData = SslSessionData.from(sslSession, idStr, cipherSuite, peerCertificates);
+ _sslSessionData = sslSessionData;
+ }
+ return sslSessionData;
+ }
+
 @Override
 public String toString()
 {
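Review bot: The cache in `getSslSessionData()` is now tied to the connection rather than to the `SSLSession`, so once `_sslSessionData` is set it keeps being returned even if `_sslEngine.getSession()` later yields a different session. `SSLEngine.getSession()` hands back a placeholder session (cipher suite `SSL_NULL_WITH_NULL_NULL`, no peer certificates) until the initial handshake completes, and a TLS 1.2 renegotiation may replace the session, so an early call or a later renegotiation could pin stale cipher-suite and peer-certificate data that callers may use for client-certificate decisions. Consider rebuilding when the session differs, for example `if (sslSessionData == null || sslSessionData.sslSession() != sslSession)`, assuming `SslSessionData` exposes the session passed to `from(...)`. The field added in the `@@ -506` hunk is also read and written without `volatile` or a lock, which is only benign if `SslSessionData` is immutable; a one-line comment on the field stating that would help.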
@@ -1643,28 +1666,6 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
 return String.format("SSL@%h.DEP.writeCallback", SslConnection.this);
 }
 }
-
- @Override
- public SslSessionData getSslSessionData()
- {
- SSLSession sslSession = _sslEngine.getSession();
- SslSessionData sslSessionData = (SslSessionData)sslSession.getValue(SslSessionData.ATTRIBUTE);
- if (sslSessionData == null)
- {
- String cipherSuite = sslSession.getCipherSuite();
-
- X509Certificate[] peerCertificates = _sslContextFactory != null
- ? _sslContextFactory.getX509CertChain(sslSession)
- : SslContextFactory.getCertChain(sslSession);
-
- byte[] bytes = sslSession.getId();
- String idStr = StringUtil.toHexString(bytes);
-
- sslSessionData = SslSessionData.from(sslSession, idStr, cipherSuite, peerCertificates);
- sslSession.putValue(SslSessionData.ATTRIBUTE, sslSessionData);
- }
- return sslSessionData;
- }
 }
 private abstract class RunnableTask implements Invocable.Task