JSSE: WolfSSLEngineHelper.setLocalServerNames() - get System/Security properties on class creation to avoid potential thread contention during handshake

pull/273/head
Chris Conlon 2025-06-09 17:22:29 -06:00
parent 9ee4cadde7
commit d2bb9d64d2
2 changed files with 29 additions and 18 deletions


@ -60,6 +60,12 @@ import com.wolfssl.WolfSSLJNIException;
* @author wolfSSL * @author wolfSSL
*/ */
public class WolfSSLEngineHelper { public class WolfSSLEngineHelper {
/* Cache system and security properties to reduce thread contention */
private boolean jsseEnableSniExtension;
private boolean jdkTlsTrustNameService;
private boolean wolfjsseAutoSni;
private volatile WolfSSLSession ssl = null; private volatile WolfSSLSession ssl = null;
private WolfSSLImplementSSLSession session = null; private WolfSSLImplementSSLSession session = null;
private WolfSSLParameters params = null; private WolfSSLParameters params = null;
@ -105,6 +111,19 @@ public class WolfSSLEngineHelper {
* global reference allows the Java object to be garbage collected. */ * global reference allows the Java object to be garbage collected. */
private WolfSSLInternalVerifyCb wicb = null; private WolfSSLInternalVerifyCb wicb = null;
/**
* Private helper method to get System and Security properties.
* Called once up front by constructor.
*/
private void getSystemAndSecurityProperties() {
this.jsseEnableSniExtension =
checkBooleanProperty("jsse.enableSNIExtension", true);
this.jdkTlsTrustNameService =
checkBooleanProperty("jdk.tls.trustNameService", false);
this.wolfjsseAutoSni =
checkBooleanProperty("wolfjsse.autoSNI", false);
}
/** /**
* Always creates a new session * Always creates a new session
* @param ssl WOLFSSL session * @param ssl WOLFSSL session
@ -119,6 +138,8 @@ public class WolfSSLEngineHelper {
throw new WolfSSLException("Bad argument"); throw new WolfSSLException("Bad argument");
} }
getSystemAndSecurityProperties();
this.ssl = ssl; this.ssl = ssl;
this.params = params; this.params = params;
this.authStore = store; this.authStore = store;
@ -144,6 +165,8 @@ public class WolfSSLEngineHelper {
throw new WolfSSLException("Bad argument"); throw new WolfSSLException("Bad argument");
} }
getSystemAndSecurityProperties();
this.ssl = ssl; this.ssl = ssl;
this.params = params; this.params = params;
this.port = port; this.port = port;
@ -173,6 +196,8 @@ public class WolfSSLEngineHelper {
throw new WolfSSLException("Bad argument"); throw new WolfSSLException("Bad argument");
} }
getSystemAndSecurityProperties();
this.ssl = ssl; this.ssl = ssl;
this.params = params; this.params = params;
this.port = port; this.port = port;
@ -887,21 +912,7 @@ public class WolfSSLEngineHelper {
* what String. * what String.
*/ */
private void setLocalServerNames() { private void setLocalServerNames() {
/* Do not add SNI if system property has been set to false */ boolean autoSNI = this.wolfjsseAutoSni;
boolean enableSNI =
checkBooleanProperty("jsse.enableSNIExtension", true);
/* Have we been instructed to trust the system name service for
* reverse DNS lookups? */
boolean trustNameService =
checkBooleanProperty("jdk.tls.trustNameService", false);
/*
* Check if automatic SNI setting is enabled via Security property.
* This allows users to enable legacy hostname-based SNI behavior
* through java.security configuration rather than JVM arguments. */
boolean autoSNI = "true".equalsIgnoreCase(
Security.getProperty("wolfjsse.autoSNI"));
/* Detect HttpsURLConnection usage by checking: /* Detect HttpsURLConnection usage by checking:
* - Client mode is set (client-side connection) * - Client mode is set (client-side connection)
@ -919,7 +930,7 @@ public class WolfSSLEngineHelper {
* HttpsURLConnection is detected */ * HttpsURLConnection is detected */
autoSNI = autoSNI || isHttpsConnection; autoSNI = autoSNI || isHttpsConnection;
if (!enableSNI) { if (!this.jsseEnableSniExtension) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
() -> "jsse.enableSNIExtension property set to false, " + () -> "jsse.enableSNIExtension property set to false, " +
"not adding SNI to ClientHello"); "not adding SNI to ClientHello");
@ -938,7 +949,7 @@ public class WolfSSLEngineHelper {
this.ssl.useSNI((byte)sni.getType(), sni.getEncoded()); this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
} }
} else if (autoSNI) { } else if (autoSNI) {
if (this.peerAddr != null && trustNameService) { if (this.peerAddr != null && this.jdkTlsTrustNameService) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
() -> "setting SNI extension with " + () -> "setting SNI extension with " +
"InetAddress.getHostName(): " + "InetAddress.getHostName(): " +
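Review bot: The cached `wolfjsseAutoSni` is now read via `checkBooleanProperty("wolfjsse.autoSNI", false)`, whereas the removed lines in the setLocalServerNames() hunk read it with `Security.getProperty("wolfjsse.autoSNI")` only; checkBooleanProperty's lookup order is not visible here, so if it also consults System properties this quietly widens how the legacy hostname-based SNI behaviour can be switched on, and the removed comment that documented it as a java.security-only knob is gone. Either keep the Security-only read for that one property, or state the precedence on the new field, e.g. `/* wolfjsse.autoSNI (System/Security, per checkBooleanProperty): enables hostname-based SNI fallback */`. The three fields should also note that they are snapshotted once in the constructor, so property changes after the helper is built are not observed during the handshake — worth one line in the getSystemAndSecurityProperties() Javadoc. setLocalServerNames() continues past the end of the hunk.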


@ -159,7 +159,7 @@ final class WolfSSLParameters {
return null; return null;
} else { } else {
return Collections.unmodifiableList( return Collections.unmodifiableList(
new ArrayList<WolfSSLSNIServerName>(this.serverNames)); new ArrayList<WolfSSLSNIServerName>(this.serverNames));
} }
} }