Java: How to maintain a session of SSLSocket in pool to prevent a new handshake on each message

Question

I am connecting a Java Server to a Android Application via SSLSocket. They communicate sending JSON objects.

My server needs to:

1. Check the login information of the app user
2. Keep up that connection for further communication to prevent another handshake (to reduce network data) and to identify the user on further interactions

I am done with the first point, the connection is established and works. But how can I achieve the second?

(Keeping the Thread the user connected to alive until he closes the socket seems to be inappropriate. I need to consider several thousand connections with connection time spans from one minute until maybe an hour.)

Answer 1

JSSE already does SSL session sharing. Don't worry about it. Just create SSLSockets as you need them. They will rejoin existing sessions if they can. Rejoining sessions uses an abbreviated handshake.

You don't need to make special arrangements at the server either. On the other hand, connection pooling at the client never hurts, but the server doesn't need to know much about it, except to loop accepting multiple requests from a connection rather than closing it after sending the first response.