How to disable SSL Session Cache server side java?

Question

Is there a way to disable the server side session cache when using the JVM's SSLEngine? Because the size and timeout setter treat 0 as no-limite, the best I can do is to reduce the cache size to 1 and it's timeout to 1s, but I can't see how to disable it entirely.

I can see client side how to not offer host details, so as to not offer caching, but that is not what I'm after.

It is a request from a user who I believe needs it for unit testing and needs new sessions for their testing. — gregw, Apr 27 '16 at 00:28

score 1 · Answer 1 · answered Mar 21 '18 at 18:29

The only way that I am aware to do this is to invalidate the session yourself.

private void invalidateSocketSSLSession(Socket s) {
    if (s != null && s instanceof SSLSocket) {
        SSLSocket sock = (SSLSocket) s;
        if (sock.getSession() != null) {
            sock.getSession().invalidate();
        }
    }
}

How to disable SSL Session Cache server side java?

1 Answers1