[fix] Java's default session timeout in 24h

jruby · Jul 1, 2022 · 0b799fd · 0b799fd
1 parent f957572
commit 0b799fd
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/src/main/java/org/jruby/ext/openssl/SSLSession.java b/src/main/java/org/jruby/ext/openssl/SSLSession.java
@@ -142,8 +142,10 @@ public IRubyObject set_time(final ThreadContext context, IRubyObject time) {
     @JRubyMethod(name = "timeout")
     public IRubyObject timeout(final ThreadContext context) {
         final SSLSessionContext sessionContext = sslSession().getSessionContext();
-        // default in OpenSSL is 300
-        if ( sessionContext == null ) return context.runtime.newFixnum(300);
+        if (sessionContext == null) {
+            // JDK's default is 24h (default in OpenSSL is 300)
+            return context.runtime.newFixnum(86400);
+        }
         return context.runtime.newFixnum(sessionContext.getSessionTimeout());
     }