Fixed #12284 - Excessive heap consumption by SSLSessionImpl by Jetty Server with TLS 1.3 and long-lived client.

Now `SslSessionData` is stored as a field, rather than in the `SSLSession` as an attribute.
This implies a little more cost to create the `SslSessionData` per connection rather than per `SSLSession`, but it should be negligible.

Now `SslSessionData` cannot be retrieved as a `SSLSession` attribute, but we have explicit APIs to retrieve it, so it should not be a problem.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Simone Bordet 2024-09-18 18:58:54 +02:00
parent 6f83639d32
commit 9c342637cc
2 changed files with 25 additions and 24 deletions


@ -386,8 +386,8 @@ public interface EndPoint extends Closeable
interface SslSessionData
{
/**
* The name at which an {@code SslSessionData} instance may be found as a request
* {@link org.eclipse.jetty.util.Attributes Attribute} or from {@link SSLSession#getValue(String)}.
* The name at which an {@code SslSessionData} instance may be found
* as a request {@link org.eclipse.jetty.util.Attributes attribute}.
*/
String ATTRIBUTE = "org.eclipse.jetty.io.Endpoint.SslSessionData";


@ -506,6 +506,7 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
private final Callback _incompleteWriteCallback = new IncompleteWriteCallback();
private Throwable _failure;
private SslSessionData _sslSessionData;
public SslEndPoint()
{
@ -1571,6 +1572,28 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
}
}
@Override
public SslSessionData getSslSessionData()
{
SSLSession sslSession = _sslEngine.getSession();
SslSessionData sslSessionData = _sslSessionData;
if (sslSessionData == null)
{
String cipherSuite = sslSession.getCipherSuite();
X509Certificate[] peerCertificates = _sslContextFactory != null
? _sslContextFactory.getX509CertChain(sslSession)
: SslContextFactory.getCertChain(sslSession);
byte[] bytes = sslSession.getId();
String idStr = StringUtil.toHexString(bytes);
sslSessionData = SslSessionData.from(sslSession, idStr, cipherSuite, peerCertificates);
_sslSessionData = sslSessionData;
}
return sslSessionData;
}
@Override
public String toString()
{
@ -1643,28 +1666,6 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
return String.format("SSL@%h.DEP.writeCallback", SslConnection.this);
}
}
@Override
public SslSessionData getSslSessionData()
{
SSLSession sslSession = _sslEngine.getSession();
SslSessionData sslSessionData = (SslSessionData)sslSession.getValue(SslSessionData.ATTRIBUTE);
if (sslSessionData == null)
{
String cipherSuite = sslSession.getCipherSuite();
X509Certificate[] peerCertificates = _sslContextFactory != null
? _sslContextFactory.getX509CertChain(sslSession)
: SslContextFactory.getCertChain(sslSession);
byte[] bytes = sslSession.getId();
String idStr = StringUtil.toHexString(bytes);
sslSessionData = SslSessionData.from(sslSession, idStr, cipherSuite, peerCertificates);
sslSession.putValue(SslSessionData.ATTRIBUTE, sslSessionData);
}
return sslSessionData;
}
}
private abstract class RunnableTask implements Invocable.Task
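Review bot: The cached `_sslSessionData` in the new `getSslSessionData()` is never compared with the session that `_sslEngine.getSession()` returns on later calls, so whatever the first call captured is served for the life of the connection. `SSLEngine.getSession()` returns a placeholder session (cipher suite `SSL_NULL_WITH_NULL_NULL`, no peer certificates) until the initial handshake completes, and a renegotiation can replace the session. As an `SSLSession` attribute the data followed the session, whereas the field can pin empty or stale peer certificates that callers may rely on for client-certificate decisions. If `SslSessionData` exposes the session it was built from, the guard could read `if (sslSessionData == null || sslSessionData.sslSession() != sslSession)`, which also gives the `sslSession` local a use on the cache-hit path. The field is read and written without `volatile` or a lock, which looks benign but deserves a comment such as `// Racy lazy init is intentional: instances are equivalent`. The rest of `SslEndPoint` lies outside these hunks, so a reset of the field elsewhere would not be visible here.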