I don't know much about the internal workings of JSSE and it's DNS behavior, but here's a stab in the dark... It seems that a new instance of SSLSocketFactory is being created in every call to getSocketFactory(). My guess is that any caching (DNS and otherwise) is done by the socket factories. Creating a new instance every time may cause some problems here.
Mike
On Mar 4, 2004, at 4:35 AM, Christian Myrvold wrote:
Greetings,
I does not seem like my first mail went through so I am gonna try again. In short I have a performance problem with the HttpClient when using https agains private networks over dialup/PPP connections. DNS records are not available for the webservers I am connecting to. When I go connect through my application (which is a sort of a httpsproxy), performance is significally slower then when i connect directly to the webserver. Allthough when I add correct DNS records (both forward and reverse) to my DNS-server, I get a good performance gain. So, I am asuming it is the reverse lookup of the DNS that is consuming time. Actually I can se from debugging that it is the part where a new socket/connection is beeing created that is timeconsuming. So I am wondering if there is a way to turn off the reverse lookup in the HttpClient or SSL library? I am using the SSLSocketFactory I found on these mailinglist. Please see below.
As additional information I can add that I use the whole URL to connect. When I create a method i use for an example an URL like this in the constructor: https://192.168.20.3. Is this ok? Or should I use another way to add the IP-address to avoid reverse lookup?
Also I would like to know if there is any good tips or hints for performance in general for the HttpClient?
Help is greatly appreciated!
Best Regards, Christian Myrvold
************ /* * ProxySSLSocketFactory.java * * Created on 3. mars 2004, 14:36 */
package no.mitec.sacs.application.proxy;
/** * * @author cm */ import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
public class ProxySSLSocketFactory implements SecureProtocolSocketFactory
{
private static class TM implements X509TrustManager
{
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[0];
}
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
{
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
{
}
}
private static SSLSocketFactory getSocketFactory() { try { SSLContext context = SSLContext.getInstance("SSL"); context.init(null, new TrustManager[] {new TM()}, null); return context.getSocketFactory(); } catch (Exception e) { throw new RuntimeException(e); } }
public Socket createSocket(String host, int port, InetAddress clientHost,
int clientPort) throws IOException, UnknownHostException
{
return getSocketFactory().createSocket(host, port, clientHost, clientPort);
}
public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return getSocketFactory().createSocket(host, port); }
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException
{
return getSocketFactory().createSocket(socket, host, port, autoClose);
}
}
************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
