Force client or server to restart SSL handshake (or expire SSL session)
I have a Java client which connects to an HTTPS server (the server is also written in Java). Here are the HttpClient settings in the client:
```java
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

SSLContext ctx = SSLContext.getInstance("TLSv1.2");
KeyManager[] keyManagers = ...;     // Created from a PKIX KeyManagerFactory (client certificate on the PKI token)
TrustManager[] trustManagers = ...; // Created from a PKIX TrustManagerFactory (trusted certificates on the PKI token)
ctx.init(keyManagers, trustManagers, new SecureRandom());
SSLContext.setDefault(ctx);

RequestConfig defaultRequestConfig = RequestConfig.custom()
        .setSocketTimeout(5000)
        .setConnectTimeout(5000)
        .setConnectionRequestTimeout(5000)
        .build();

CloseableHttpClient httpClient = HttpClients.custom()
        .setSSLContext(ctx)
        .setDefaultRequestConfig(defaultRequestConfig)
        // NoopHostnameVerifier accepts any hostname, i.e. hostname verification is disabled
        .setSSLHostnameVerifier(new NoopHostnameVerifier())
        .build();
```
The client certificate and trusted certificates are stored in a PKI token. The client sends HTTP requests to the server continuously. All of this works fine. Now I want to force the client (or server) to restart handshaking. In other words, I want to refresh the SSL connection so that the server certificate is checked periodically. Is there any way to do this?

I know about SSLSessionContext.setSessionTimeout(), but this will not refresh the current connection(s). It will only force new connections to do handshaking again.
Solution 1:[1]

For future readers.

I asked a similar question on security.stackexchange.com without details about programming. I had thought that the question might be a security issue. However, that question has now been migrated from security.stackexchange.com to stackoverflow.com and has a convincing answer for me. I suggest referring to that: https://stackoverflow.com/a/55004572/5538979
Solution 2:[2]

You can clear the SSL caches with the following code snippet:

```java
import java.util.Collections;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

SSLContext sslContext = ...; // your initialised SSLContext
SSLSessionContext sslSessionContext = sslContext.getClientSessionContext();
// Invalidate every cached client session so no future handshake can resume it
Collections.list(sslSessionContext.getIds()).stream()
        .map(sslSessionContext::getSession)
        .filter(Objects::nonNull)
        .forEach(SSLSession::invalidate);
```
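The question and Solution 2 between them describe the two halves of a refresh: invalidating the cached sessions (so no later handshake can resume them) and getting rid of the connections that were negotiated with those sessions (so a later request actually opens a new one). The Java class below is an added example, not code from the question or either answer. It targets Apache HttpClient 4 and keeps an explicit PoolingHttpClientConnectionManager so the pooled sockets can be closed; it keeps hostname verification on rather than using NoopHostnameVerifier. The class and method names (RehandshakingClient, forceFullHandshake), the 5-minute interval and the use of the JVM default SSLContext as a stand-in in main are assumptions; in the questioner's setup the context would be built from the PKI token as shown above.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

/** Added example (not from the page): an HttpClient whose cached TLS sessions and
 *  pooled sockets can be dropped together, so the next request does a full handshake. */
public final class RehandshakingClient implements AutoCloseable {

    private final SSLContext sslContext;
    private final PoolingHttpClientConnectionManager pool;
    private final CloseableHttpClient httpClient;

    public RehandshakingClient(SSLContext ctx) {
        this.sslContext = ctx;
        // Hostname verification stays enabled (the question's NoopHostnameVerifier turns it off).
        SSLConnectionSocketFactory tls = new SSLConnectionSocketFactory(ctx, new DefaultHostnameVerifier());
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", tls)
                .build();
        this.pool = new PoolingHttpClientConnectionManager(registry);
        RequestConfig requestConfig = RequestConfig.custom()
                .setSocketTimeout(5000)
                .setConnectTimeout(5000)
                .setConnectionRequestTimeout(5000)
                .build();
        // With an explicit connection manager, HttpClientBuilder ignores setSSLContext()
        // and setSSLHostnameVerifier(); the TLS settings come from the registry above.
        this.httpClient = HttpClients.custom()
                .setConnectionManager(pool)
                .setDefaultRequestConfig(requestConfig)
                .build();
    }

    public CloseableHttpClient httpClient() {
        return httpClient;
    }

    /** Step 1: invalidate every cached client-side session so no later handshake can
     *  resume it. Connections that are already open are not affected by this alone. */
    public static int invalidateClientSessions(SSLContext ctx) {
        SSLSessionContext sessions = ctx.getClientSessionContext();
        int invalidated = 0;
        for (byte[] id : Collections.list(sessions.getIds())) {
            SSLSession session = sessions.getSession(id);
            if (session != null && session.isValid()) {
                session.invalidate();
                invalidated++;
            }
        }
        return invalidated;
    }

    /** Step 2: close the pooled sockets, so the next request opens a new TCP connection
     *  and, with no resumable session left, runs a full handshake in which the trust
     *  manager validates the server certificate chain again. Only idle (not currently
     *  leased) connections are closed; a leased one is caught by the next run. */
    public int forceFullHandshake() {
        int invalidated = invalidateClientSessions(sslContext);
        pool.closeExpiredConnections();
        pool.closeIdleConnections(0, TimeUnit.MILLISECONDS); // idle for >= 0 ms, i.e. all idle ones
        return invalidated;
    }

    /** Runs forceFullHandshake() periodically; the interval is chosen by the caller. */
    public ScheduledExecutorService scheduleRehandshake(long period, TimeUnit unit) {
        ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
        scheduler.scheduleAtFixedRate(this::forceFullHandshake, period, period, unit);
        return scheduler;
    }

    @Override
    public void close() throws IOException {
        httpClient.close(); // the builder-owned pool is shut down together with the client
    }

    public static void main(String[] args) throws Exception {
        // Assumption: in the questioner's setup ctx is built from the PKI token as in the
        // question; the JVM default context is only a stand-in for this demo.
        try (RehandshakingClient client = new RehandshakingClient(SSLContext.getDefault())) {
            ScheduledExecutorService scheduler = client.scheduleRehandshake(5, TimeUnit.MINUTES);
            // Issue requests through client.httpClient() here; every 5 minutes the next
            // request after forceFullHandshake() negotiates a fresh session.
            scheduler.shutdownNow();
        }
    }
}
```

The order of the two steps matters: invalidating the sessions first guarantees that the connection opened after the sockets are closed cannot fall back to an abbreviated (resumed) handshake, which would skip the certificate check the refresh is meant to trigger. A request that is in flight while forceFullHandshake() runs keeps its existing connection and is picked up by the following run.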
Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

| Solution | Source |
|---|---|
| Solution 1 | hadi.mansouri |
| Solution 2 | Hakan54 |