java client application session resumption

Question

I am making a number of calls from a java client application to a server using a TLS connection. To avoid the TLS handshake overhead, I would like to resume the session using a session ID, similar to what a web browser does. I am currently establishing each request using an HttpsURLConenction object.

How is this accomplished in Java? What API am I looking for?

Can any existing software do this? – VGR Oct 02 '15 at 14:08 — VGR, Oct 02 '15 at 14:08

score 0 · Accepted Answer · answered Oct 05 '15 at 15:39

To solve this problem, I used Apache's HttpClient API rather than the HttpsURLConnection. I am now able to keep the SSL context and make multiple calls without the need to do the full handshake (e.g. client signing operation).

SSLContext sslcontext = SSLContext.getInstance("TLSv1.2"); sslcontext.init(kmf.getKeyManagers(), tmf.getTrustManagers(),null); sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1.2" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier()); ... //called multiple times CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();

This was a long time ago, but if I remember correctly, I was solving a problem where the client needed to do multiple signing operations. I don't remember the specifics, but it did resolve a problem where signing operations were required every time a call was made. — emsworth, May 25 '16 at 13:42

score 0 · Answer 2 · answered May 25 '16 at 03:50

0

Java already supports session resumption in toto. You don't have to do anything at either end.

answered May 25 '16 at 03:50

user207421

305,947
44
307
483

java client application session resumption

2 Answers2