Re: [jetty-users] Fast SSL with jetty.

2021-03-18 Thread Greg Wilkins 
So unix sockets an option?

On Fri, 19 Mar 2021, 09:21 Luke B,  wrote:

> Hi,
>
> From memory the difference in performance is rather large, maybe 10x or
> 20x. It really does make a difference to how many requests we can handle.
> Conscrypt takes jetty from being severely limited by the speed at which it
> can transfer encrypted data, to encryption adding no meaningful overhead to
> data transfer.
>
> -Luke
>
>
> On Tue, Mar 16, 2021 at 1:21 AM Simone Bordet  wrote:
>
>> Hi,
>>
>> On Mon, Mar 15, 2021 at 12:50 AM Luke B  wrote:
>> >
>> > Hi,
>> >
>> > So it seems conscrypt has even more memory leaks:
>> > https://github.com/google/conscrypt/issues/835
>> > https://github.com/google/conscrypt/issues/984
>> >
>> > Conscrypt doesn't appear to be sufficiently reliable to be used in
>> production.
>> >
>> > Setting up jetty to listen only on localhost without SSL and having an
>> nginx (or other web server) reverse proxy to provide SSL is possible but
>> unlikely something that is acceptable as encryption is required all the way
>> to the java process. In this case a tcp dump would reveal passwords.
>> >
>> > Jetty, it seems, is trapped behind Java's relatively slow SSL
>> implementation.
>>
>> I guess the keyword here is "relatively".
>>
>> Java's SSL is slower no doubt, but perhaps it does the job?
>> Is the move to Conscrypt due to benchmarks (A is faster than B), but B
>> can handle the load just nicely?
>> Is the move to Conscrypt due to saving CPU/memory in the cloud to save
>> money?
>>
>> I'm saying that with the latest Java versions, with native support for
>> encryption primitives, TLS resumption, etc. maybe Java TLS does the
>> job for you.
>> Sure it's not the Ferrari you wanted, but it's a decently fast car anyway?
>>
>> --
>> Simone Bordet
>> 
>> http://cometd.org
>> http://webtide.com
>> Developer advice, training, services and support
>> from the Jetty & CometD experts.
>> ___
>> jetty-users mailing list
>> jetty-users@eclipse.org
>> To unsubscribe from this list, visit
>> https://www.eclipse.org/mailman/listinfo/jetty-users
>>
> ___
> jetty-users mailing list
> jetty-users@eclipse.org
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
>
___
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/jetty-users

Re: [jetty-users] Fast SSL with jetty.

2021-03-18 Thread Luke B 
Hi,

>From memory the difference in performance is rather large, maybe 10x or
20x. It really does make a difference to how many requests we can handle.
Conscrypt takes jetty from being severely limited by the speed at which it
can transfer encrypted data, to encryption adding no meaningful overhead to
data transfer.

-Luke


On Tue, Mar 16, 2021 at 1:21 AM Simone Bordet  wrote:

> Hi,
>
> On Mon, Mar 15, 2021 at 12:50 AM Luke B  wrote:
> >
> > Hi,
> >
> > So it seems conscrypt has even more memory leaks:
> > https://github.com/google/conscrypt/issues/835
> > https://github.com/google/conscrypt/issues/984
> >
> > Conscrypt doesn't appear to be sufficiently reliable to be used in
> production.
> >
> > Setting up jetty to listen only on localhost without SSL and having an
> nginx (or other web server) reverse proxy to provide SSL is possible but
> unlikely something that is acceptable as encryption is required all the way
> to the java process. In this case a tcp dump would reveal passwords.
> >
> > Jetty, it seems, is trapped behind Java's relatively slow SSL
> implementation.
>
> I guess the keyword here is "relatively".
>
> Java's SSL is slower no doubt, but perhaps it does the job?
> Is the move to Conscrypt due to benchmarks (A is faster than B), but B
> can handle the load just nicely?
> Is the move to Conscrypt due to saving CPU/memory in the cloud to save
> money?
>
> I'm saying that with the latest Java versions, with native support for
> encryption primitives, TLS resumption, etc. maybe Java TLS does the
> job for you.
> Sure it's not the Ferrari you wanted, but it's a decently fast car anyway?
>
> --
> Simone Bordet
> 
> http://cometd.org
> http://webtide.com
> Developer advice, training, services and support
> from the Jetty & CometD experts.
> ___
> jetty-users mailing list
> jetty-users@eclipse.org
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
>
___
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/jetty-users