According to the Java™ Servlet Specification Version 3.0 Rev a §3.8 SSL Attributes:
"If a request has been transmitted over a secure protocol, such as HTTPS [...]
The Web container must expose the following attributes to the servlet programmer:
SSL session id 'javax.servlet.request.ssl_session_id' String "
This is not true for the latest GF stable 3.1 b43.
It still uses the 'javax.servlet.request.ssl_session'.
See the very simple index.jsp for a testcase ..