Invalidate the session - so it can't be resumed.

Not sure what else we can do using this hook - we could switch to SSLEngine, but that's pretty large change.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@834340 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
index 0697c07..74df1d9 100644 (file)
--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -178,6 +178,7 @@ public class JSSESocketFactory
             if (completed) {
                 try {
                     log.warn("SSL renegotiation is disabled, closing connection");
+                    event.getSession().invalidate();
                     event.getSocket().close();
                 } catch (IOException e) {
                     // ignore