Fixed #12284 - Excessive heap consumption by SSLSessionImpl by Jetty Server with TLS 1.3 and long-lived client.

Now `SslSessionData` is stored as a field, rather than in the `SSLSession` as an attribute.
This implies a little more cost to create the `SslSessionData` per connection rather than per `SSLSession`, but it should be negligible.

Now `SslSessionData` cannot be retrieved as a `SSLSession` attribute, but we have explicit APIs to retrieve it, so it should not be a problem.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/EndPoint.java

@@ -386,8 +386,8 @@ public interface EndPoint extends Closeable
     interface SslSessionData
     {
         /**
-         * The name at which an {@code SslSessionData} instance may be found as a request
-         * {@link org.eclipse.jetty.util.Attributes Attribute} or from {@link SSLSession#getValue(String)}.
+         * The name at which an {@code SslSessionData} instance may be found
+         * as a request {@link org.eclipse.jetty.util.Attributes attribute}.
          */
         String ATTRIBUTE = "org.eclipse.jetty.io.Endpoint.SslSessionData";
 

jetty-core/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java

@@ -506,6 +506,7 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
 
         private final Callback _incompleteWriteCallback = new IncompleteWriteCallback();
         private Throwable _failure;
+        private SslSessionData _sslSessionData;
 
         public SslEndPoint()
         {
@@ -1571,6 +1572,28 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
             }
         }
 
+        @Override
+        public SslSessionData getSslSessionData()
+        {
+            SSLSession sslSession = _sslEngine.getSession();
+            SslSessionData sslSessionData = _sslSessionData;
+            if (sslSessionData == null)
+            {
+                String cipherSuite = sslSession.getCipherSuite();
+
+                X509Certificate[] peerCertificates = _sslContextFactory != null
+                    ? _sslContextFactory.getX509CertChain(sslSession)
+                    : SslContextFactory.getCertChain(sslSession);
+
+                byte[] bytes = sslSession.getId();
+                String idStr = StringUtil.toHexString(bytes);
+
+                sslSessionData = SslSessionData.from(sslSession, idStr, cipherSuite, peerCertificates);
+                _sslSessionData = sslSessionData;
+            }
+            return sslSessionData;
+        }
+
         @Override
         public String toString()
         {
@@ -1643,28 +1666,6 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
                 return String.format("SSL@%h.DEP.writeCallback", SslConnection.this);
             }
         }
-
-        @Override
-        public SslSessionData getSslSessionData()
-        {
-            SSLSession sslSession = _sslEngine.getSession();
-            SslSessionData sslSessionData = (SslSessionData)sslSession.getValue(SslSessionData.ATTRIBUTE);
-            if (sslSessionData == null)
-            {
-                String cipherSuite = sslSession.getCipherSuite();
-
-                X509Certificate[] peerCertificates = _sslContextFactory != null
-                    ? _sslContextFactory.getX509CertChain(sslSession)
-                    : SslContextFactory.getCertChain(sslSession);
-
-                byte[] bytes = sslSession.getId();
-                String idStr = StringUtil.toHexString(bytes);
-
-                sslSessionData = SslSessionData.from(sslSession, idStr, cipherSuite, peerCertificates);
-                sslSession.putValue(SslSessionData.ATTRIBUTE, sslSessionData);
-            }
-            return sslSessionData;
-        }
     }
 
     private abstract class RunnableTask implements Invocable.Task