Oleg,
I have tried setting check-stale to false and this doesn't solve the
problem. I have also now collected the data. I have run the program with
-Djavax.net.debug=ssl,handshake(I hope this is what you wanted) and it
have produced the following data. After an hour the system suddently
does something more than the first hour. A Certificate chain is
introduced - what ever that is.
/Kim Andersn
before an hour
2006/01/05 16:29:30:217 CET [DEBUG] HttpConnection - Open connection to
xxxxxxx:443
pool-1-thread-1, setSoTimeout(60000) called
pool-1-thread-1, setSoTimeout(60000) called
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "GET
/Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
2006/01/05 16:29:30:217 CET [DEBUG] HttpMethodBase - Adding Host request
header
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0-rc4[\r][\n]"
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "Host: xxxxxxxx[\r][\n]"
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "[\r][\n]"
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
*** ClientHello, TLSv1
RandomCookie: GMT: 1119697754 bytes = { 175, 176, 119, 47, 186, 179,
77, 97, 52, 155, 144, 165, 175, 1, 1, 160, 74, 151, 230, 75, 131, 131,
239, 217, 66, 136, 178, 153 }
Session ID: {6, 206, 72, 242, 166, 55, 197, 18, 85, 201, 28, 222, 64,
72, 11, 174, 176, 126, 107, 28, 14, 67, 134, 90, 133, 120, 89, 22, 56,
204, 84, 219}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1119697752 bytes = { 109, 56, 78, 201, 62, 13, 197,
25, 126, 226, 226, 174, 172, 103, 73, 96, 27, 102, 40, 249, 104, 238,
222, 243, 120, 200, 129, 131 }
Session ID: {6, 206, 72, 242, 166, 55, 197, 18, 85, 201, 28, 222, 64,
72, 11, 174, 176, 126, 107, 28, 14, 67, 134, 90, 133, 120, 89, 22, 56,
204, 84, 219}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
CONNECTION KEYGEN:
Client Nonce:
0000: 43 BD 3B 5A AF B0 77 2F BA B3 4D 61 34 9B 90 A5
C.;Z..w/..Ma4...
0010: AF 01 01 A0 4A 97 E6 4B 83 83 EF D9 42 88 B2 99
....J..K....B...
Server Nonce:
0000: 43 BD 3B 58 6D 38 4E C9 3E 0D C5 19 7E E2 E2 AE
C.;Xm8N.>.......
0010: AC 67 49 60 1B 66 28 F9 68 EE DE F3 78 C8 81 83
.gI`.f(.h...x...
Master Secret:
0000: 14 EA 66 7C 14 4D C2 85 35 3F 38 8E 8A 7A 6D BC
..f..M..5?8..zm.
0010: 4D F6 32 D8 90 49 D7 47 AC 7B B3 11 F3 6D 21 0F
M.2..I.G.....m!.
0020: AE CB 60 84 38 2C E2 C5 55 8B 97 69 4B E0 74 83
..`.8,..U..iK.t.
Client MAC write Secret:
0000: D2 6C D5 E7 BC 43 43 95 9B D0 2A 06 62 1D F4 63
.l...CC...*.b..c
Server MAC write Secret:
0000: 2B 25 AD 9F 0A 2D F3 78 00 AB 3B 53 0D 65 60 89
+%...-.x..;S.e`.
Client write key:
0000: 9A 40 C7 71 36 DB BB D0 62 41 8F 3D 2E 57 74 63
[EMAIL PROTECTED]
Server write key:
0000: 60 6B E8 6B A3 D6 86 02 15 AA 7A F6 31 7D 3F 3A
`k.k......z.1.?:
... no IV for cipher
%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 225, 21, 224, 199, 72, 143, 246, 98, 185, 26, 224, 199 }
***
pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 8, 233, 26, 6, 176, 3, 97, 108, 184, 93, 123, 61 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
pool-1-thread-1, READ: TLSv1 Application Data, length = 207
2006/01/05 16:29:30:451 CET [DEBUG] header - << "HTTP/1.1 200
OK[\r][\n]"
2006/01/05 16:29:30:451 CET [DEBUG] header - << "Date: Thu, 05 Jan 2006
15:29:28 GMT[\r][\n]"
2006/01/05 16:29:30:451 CET [DEBUG] header - << "Server: Apache[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "Content-Type:
text/html[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "Content-Length:
120[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "Last-Modified: Mon, 07
Oct 2002 14:00:15 GMT[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "ETag:
"120-1033999215000"[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] HttpMethodBase - Buffering response
body
pool-1-thread-1, READ: TLSv1 Application Data, length = 136
2006/01/05 16:29:30:467 CET [DEBUG] HttpMethodBase - Resorting to
protocol version default close connection policy
2006/01/05 16:29:30:467 CET [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2006/01/05 16:29:30:467 CET [DEBUG] HttpConnection - Releasing
connection back to connection manager.
after an hour
2006/01/06 03:44:30:600 CET [DEBUG] HttpConnection - Open connection to
xxxxxxx:443
pool-1-thread-1, setSoTimeout(60000) called
pool-1-thread-1, setSoTimeout(60000) called
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "GET
/Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
2006/01/06 03:44:39:600 CET [DEBUG] HttpMethodBase - Adding Host request
header
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0-rc4[\r][\n]"
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "Host:
xxxxxxxxx[\r][\n]"
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "[\r][\n]"
%% Client cached [Session-135, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
*** ClientHello, TLSv1
RandomCookie: GMT: 1119672471 bytes = { 17, 105, 185, 28, 127, 10, 54,
71, 40, 245, 252, 39, 15, 80, 225, 76, 47, 29, 52, 57, 245, 38, 73, 23,
95, 74, 40, 182 }
Session ID: {243, 63, 246, 117, 176, 105, 224, 150, 73, 77, 87, 147,
150, 104, 220, 89, 212, 103, 26, 25, 31, 233, 165, 86, 47, 82, 249, 26,
206, 15, 235, 3}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1119672469 bytes = { 0, 96, 86, 21, 168, 3, 63, 198,
149, 34, 189, 216, 193, 138, 57, 49, 170, 129, 25, 205, 129, 51, 20,
240, 187, 226, 178, 199 }
Session ID: {247, 183, 113, 32, 30, 110, 63, 135, 239, 59, 53, 69, 226,
221, 180, 137, 168, 231, 102, 55, 235, 50, 204, 223, 244, 168, 196, 105,
55, 158, 4, 244}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
////diffrent than the first
%% Created: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=xxxxxx, OU=Services, O=TDC Tele Danmark A/S, L=Copenhagen,
ST=Copenhagen, C=DK
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus:
108743470482425003628078020115619367307386847842110379391731715485724646
154508475535092040391270013106601631296118583507132677920181887829517935
250597224083381331131012349794503650770898238488079850040133082437967142
979313202745645900196912045975083548027767073348159063351754973498187688
095381333926743292613
public exponent: 65537
Validity: [From: Mon Mar 22 12:36:56 CET 2004,
To: Wed Mar 22 13:06:56 CET 2006]
Issuer: OU=TDC SSL Server CA, O=TDC, C=DK
SerialNumber: [ 3e2c3433]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4C AD B1 C0 55 84 12 E1 DE 18 E6 D7 54 E5 0D 13
L...U.......T...
0010: 18 EA 8A 1A ....
]
]
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FD 1E C2 B3 08 3A 95 D1 D4 A5 87 CE CD 41 84 73
.....:.......A.s
0010: EF 33 74 0D .3t.
]
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=TDC SSL Server CA, O=TDC, C=DK]
, DistributionPoint:
[URIName: http://crl.certifikat.dk/SSLServer.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.4386.2.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 23 68 74 74 70 3A 2F 2F 77 77 77 2E 63 65 72
.#http://www.cer
0010: 74 69 66 69 6B 61 74 2E 64 6B 2F 72 65 70 6F 73
tifikat.dk/repos
0020: 69 74 6F 72 79 itory
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 82 01 1B 30 13 16 0C 54 44 43 20 49 6E 74 65
0...0...TDC Inte
0010: 72 6E 65 74 30 03 02 01 01 1A 82 01 02 44 65 74
rnet0........Det
0020: 74 65 20 63 65 72 74 69 66 69 6B 61 74 20 65 72 te certifikat
er
0030: 20 75 64 73 74 65 64 74 20 75 6E 64 65 72 20 54 udstedt under
T
0040: 44 43 20 49 6E 74 65 72 6E 65 74 20 43 41 73 20 DC Internet CAs
0050: 43 65 72 74 69 66 69 6B 61 74 20 50 6F 6C 69 74 Certifikat
Polit
0060: 69 6B 20 66 6F 72 20 53 53 4C 20 53 65 72 76 65 ik for SSL
Serve
0070: 72 20 63 65 72 74 69 66 69 6B 61 74 65 72 20 28 r certifikater
(
0080: 4F 49 44 3D 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E
OID=1.3.6.1.4.1.
0090: 34 33 38 36 2E 32 2E 31 2E 31 2E 31 29 2E 20 54 4386.2.1.1.1).
T
00A0: 68 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 his certificate
00B0: 69 73 20 69 73 73 75 65 64 20 75 6E 64 65 72 20 is issued under
00C0: 54 44 43 20 49 6E 74 65 72 6E 65 74 20 43 41 73 TDC Internet
CAs
00D0: 20 43 65 72 74 69 66 69 63 61 74 65 20 50 6F 6C Certificate
Pol
00E0: 69 63 79 20 66 6F 72 20 53 53 4C 20 53 65 72 76 icy for SSL
Serv
00F0: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 73 20 er certificates
0100: 28 4F 49 44 3D 31 2E 33 2E 36 2E 31 2E 34 2E 31
(OID=1.3.6.1.4.1
0110: 2E 34 33 38 36 2E 32 2E 31 2E 31 2E 31 29 2E .4386.2.1.1.1).
]] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 02 A4 23 71 5B C8 05 8E 59 9E C8 FB 75 21 57 F2
..#q[...Y...u!W.
0010: 9A F6 08 1F A8 82 C2 FC 5E CE 38 9A BF 7B 7F C7
........^.8.....
0020: 85 C9 C9 B3 7F F6 6F B8 48 7C 80 AF D9 BC D5 D1
......o.H.......
0030: C4 13 C1 27 65 BA A8 D1 3D 53 AB CF FE 4C FE 77
...'e...=S...L.w
0040: A0 5B A1 C3 18 49 90 89 4F EA D9 30 A3 F4 E7 10
.[...I..O..0....
0050: EE 52 23 EA 04 1B 80 83 43 CA 93 C6 71 FA E4 BA
.R#.....C...q...
0060: 76 4E 7B D5 DE B9 C3 6F E2 A6 6A EE B4 D8 DB 57
vN.....o..j....W
0070: BF FA 4C C5 83 B8 6C 2F 42 59 A0 FB 13 5D 0E 60
..L...l/BY...].`
0080: DA 5F F2 C2 06 13 D4 8F E9 3B 0F A8 87 D5 C0 53
._.......;.....S
0090: 86 C9 EC 92 21 01 3F 39 5B 82 BF 86 F1 B7 B4 8F
....!.?9[.......
00A0: 08 3D 0E CF C8 FF 26 E4 E5 6F 00 F0 7F 56 46 D6
.=....&..o...VF.
00B0: 4F 18 A2 D5 01 36 D4 1E 59 F8 A6 8C 2F D9 7C 66
O....6..Y.../..f
00C0: AA 4C 4C 19 32 08 74 7E AD 12 7A 8F 91 45 27 35
.LL.2.t...z..E'5
00D0: E5 7C 41 06 C8 EF 86 86 8E 36 49 9B B4 E6 47 88
..A......6I...G.
00E0: A7 18 D7 91 89 89 CA 18 7C 3A F2 29 0B 38 99 4E
.........:.).8.N
00F0: BF F2 23 80 DF 63 86 4C 25 98 55 47 92 E2 52 D3
..#..c.L%.UG..R.
]
chain [1] = [
[
Version: V3
Subject: OU=TDC SSL Server CA, O=TDC, C=DK
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus:
274919061170462899876977327699837951960497963216030759720297395643266483
916148829346469882089462664962710815153105189988639150453152159522253040
474483783023785827736370461321488503687486268732420265222550507525621668
673197786708954580795146125106177766329144760352758261439708512590288359
532937105747296364257228981200884118530227561147467875616169047851507193
396209280240128516009535970054335233833614650129555609531570566921954028
811767419220027532341427420774871038449179195531627698124623005830698688
698976794805384812352765107545596054169096156340264667630375318283221221
46020494477816770183284386440657169613947
public exponent: 65537
Validity: [From: Wed Jan 22 15:36:41 CET 2003,
To: Tue Jan 22 16:06:41 CET 2008]
Issuer: OU=TDC Internet Root CA, O=TDC Internet, C=DK
SerialNumber: [ 3c19dc3b]
Certificate Extensions: 6
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0C 30 0A 1B 04 56 36 2E 30 03 02 04 90 ..0...V6.0....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FD 1E C2 B3 08 3A 95 D1 D4 A5 87 CE CD 41 84 73
.....:.......A.s
0010: EF 33 74 0D .3t.
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5
ld....m....P....
0010: 3C 56 A8 50 <V.P
]
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=TDC Internet Root CA, O=TDC Internet, C=DK]
, DistributionPoint:
[URIName: http://crl.certifikat.dk/Root_CA.crl]
]]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: BE 1E A0 BD 00 03 B4 8C AE 82 2A 1E CC 02 52 2B
..........*...R+
0010: A6 E4 1D 5C 59 E6 25 C6 66 79 D7 E1 05 96 12 DD
...\Y.%.fy......
0020: 6B 1C 6B CD 06 69 28 7B C2 6E AF F5 B3 73 03 07
k.k..i(..n...s..
0030: 5D 9D 12 7D 6F 7F E7 7B E1 19 65 36 52 84 8D E7
]...o.....e6R...
0040: D5 86 53 F9 AC 2F 60 00 DC CB 00 32 98 FF 2A 12
..S../`....2..*.
0050: 03 05 86 97 1B 12 35 ED 26 72 8F 73 F4 87 51 CB
......5.&r.s..Q.
0060: F9 53 5B BC EE 52 49 16 41 58 39 15 72 AA 4E 3A
.S[..RI.AX9.r.N:
0070: 02 44 60 14 DF 27 2C B7 4E C2 AF B7 14 4F 76 DE
.D`..',.N....Ov.
0080: 6D BB EC E0 5A C4 BD A1 D1 79 AB DA 2F 0E 40 46
m...Z....y../[EMAIL PROTECTED]
0090: 4A 85 7C 06 C9 0B 2A 0E F2 62 77 6B EE 77 6A A9
J.....*..bwk.wj.
00A0: 55 43 70 0D A2 E1 84 C9 AF E7 12 E2 0B F5 74 4A
UCp...........tJ
00B0: 45 0E 13 0A 14 C6 6D 7A 7E 06 46 A1 5E AF 9D 31
E.....mz..F.^..1
00C0: 3E 6D F3 4F BC 00 CF 0E 69 B2 61 80 60 00 66 4D
>m.O....i.a.`.fM
00D0: D8 FF 67 87 D7 DB F1 BE 18 C2 97 E4 E2 EF 4B 25
..g...........K%
00E0: FD D9 3C 3D 4C 7D CE 0C 13 82 CE D4 A8 3E E7 78
..<=L........>.x
00F0: 71 B5 72 B1 E1 DC 56 3E 37 71 8E 62 A2 DA F3 11
q.r...V>7q.b....
]
chain [2] = [
[
Version: V3
Subject: OU=TDC Internet Root CA, O=TDC Internet, C=DK
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus:
248335662535080918120859006460603864568160126558579841045947842694533605
833929229075227656514409978993191437172272775048897839556506214496862985
240894733019772831448342314110312770194187283234081330172815917436552466
611802823921382121131166343614349656621306658177526788322231112727573563
941826973308732951434149167482040497143243283185075470233268822153834462
145146535001104999847034223875479024524207454224032106158270527296434682
929291001327560660254260525764883748354860452165370898441107821008749862
215657297404244608083391162523527573080188896845481162501263089844172570
69693500321025969501150623006544052872871
public exponent: 65537
Validity: [From: Sun Apr 01 14:00:00 CEST 2001,
To: Wed Dec 31 13:00:00 CET 2008]
Issuer: CN=GlobalSign Partners CA, OU=Partners CA, O=GlobalSign nv-sa,
C=BE
SerialNumber: [ 01000000 0000e5f2 1181ee]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6C 64 01 C7 FD 85 6D AC C8 DA 9E 50 08 85 08 B5
ld....m....P....
0010: 3C 56 A8 50 <V.P
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E
[EMAIL PROTECTED]
0010: 0F A2 4C FB ..L.
]
]
[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 38 76 F1 0B 02 CA 6F 1B 2E 2F D9 0B B1 36 8F E8
8v....o../...6..
0010: AC BA AA AC 56 B3 9D 6D 91 3E 04 92 E2 04 CF 19
....V..m.>......
0020: 2E 0F 88 F0 09 76 3E 32 F4 B9 E6 EC 39 63 77 50
.....v>2....9cwP
0030: F4 B9 F6 5C 43 C8 63 A7 58 F2 A2 57 40 E3 FD 25
[EMAIL PROTECTED]
0040: 60 3A 62 F3 D6 38 D4 97 04 35 C2 16 EC B1 9E 96
`:b..8...5......
0050: 6B 3A 31 B8 39 FA 7A 84 3A 2C 35 01 3B F9 4E D5
k:1.9.z.:,5.;.N.
0060: 4A 72 F4 B9 A6 4A DA F4 FB 54 46 97 C6 61 0C 10
Jr...J...TF..a..
0070: B9 E0 0D BF 05 71 22 AC 05 E8 56 6E 67 93 02 E9
.....q"...Vng...
0080: D0 A6 11 77 1C 08 52 96 4D AA FA D3 7A 77 59 8D
...w..R.M...zwY.
0090: 22 EB 50 7D DA C7 3A 5F 99 EE B6 C2 17 83 EB 5B
".P...:_.......[
00A0: 29 5C 83 FE B0 C3 37 2E 28 62 93 55 B9 66 50 6D
)\....7.(b.U.fPm
00B0: C7 8F 2A 2A 1A 4B D1 37 4E 56 6E 5F CF EF 72 CB
..**.K.7NVn_..r.
00C0: 37 AD 9D 3E 91 02 96 2C 84 FC D1 44 07 45 C1 5A
7..>...,...D.E.Z
00D0: E3 62 9F 71 89 93 1A 99 FE E2 1F 86 2C 2E AA 56
.b.q........,..V
00E0: 1C 7D D7 4A 7B EA D2 73 D6 3B F5 AC F1 B2 9D CA
...J...s.;......
00F0: F6 A3 9B 18 98 C7 7F FC 5A FE 4F 34 A2 FC B6 FE
........Z.O4....
]
chain [3] = [
[
Version: V3
Subject: CN=GlobalSign Partners CA, OU=Partners CA, O=GlobalSign
nv-sa, C=BE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 2048 bits
modulus:
265322193412512087504382428489627891549169544844901624556289338011808173
687538614219161349760345150163056158053239619111877230622056473173166549
314227462283331635012211783598649109977801346502594301756596862524813833
345345267011504193197733569818484711790128427747747931310296269529355948
036714952117939320660883789979810547509431904604342581626485579013552003
379340128124255961894735086666357789587924632106944662674194523805387959
152780512263723420631001422727221308842402181055214523977538899768651686
240436983867393154439902432364645114357682575512312806883504535492453499
48440375495896542837533902970517580852029
public exponent: 65537
Validity: [From: Thu Jan 28 13:00:00 CET 1999,
To: Wed Jan 28 13:00:00 CET 2009]
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 02000000 0000d678 b9d1af]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 24 8D 70 15 08 62 55 9C 4F 0C 40 17 5D 86 5E
[EMAIL PROTECTED]
0010: 0F A2 4C FB ..L.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 60 7B 66 1A 45 0D 97 CA 89 50 2F 7D 04 CD 34 A8
`.f.E....P/...4.
0010: FF FC FD 4B ...K
]
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: 66 ED B4 88 69 11 99 82 21 83 AC A1 6D 8B 9B 84
f...i...!...m...
0010: AD 0F 2D C8 1E 8C CA 7B 7E AD AA D4 8E DE 07 D6
..-.............
0020: 9E 45 C7 A5 B8 9C 07 39 60 25 55 1A C0 4F 19 E5
.E.....9`%U..O..
0030: CF 17 29 49 89 18 35 66 E5 EB 28 40 4E 57 C9 AF
..)I..5f..(@NW..
0040: B3 E4 B8 20 05 A3 3B 95 50 91 49 94 29 7D 2C E5 ...
..;.P.I.).,.
0050: 88 41 A5 45 88 5E 9D 82 27 F7 D2 EF 5B B5 4F 9F
.A.E.^..'...[.O.
0060: BE FE 35 65 2C 55 64 9F E1 51 DA 22 61 77 BA 58
..5e,Ud..Q."aw.X
0070: 4E 8F C6 79 59 59 6E 30 80 A2 4F 90 6E 21 0B AD
N..yYYn0..O.n!..
0080: D0 68 39 90 10 9B ED 22 65 6F 1E 11 38 E6 7F 8C
.h9...."eo..8...
0090: D2 F3 39 6D 47 D5 21 E8 EA 75 3A 41 D1 AD F6 16
..9mG.!..u:A....
00A0: 9D 5D 0B 21 BD F3 1F 63 06 25 1D C1 1F 35 71 2C
.].!...c.%...5q,
00B0: EB 20 19 D5 C1 B0 EC 3D E5 6F ED 02 07 3F 13 7B .
.....=.o...?..
00C0: 66 92 D6 44 C1 98 F7 5F 50 8B 7A 5B C2 6F 6D B0
f..D..._P.z[.om.
00D0: D1 F8 E5 74 A0 40 37 A3 25 0F E4 3D CA 64 31 93
[EMAIL PROTECTED]
00E0: 90 5C 30 7B B9 39 31 9A 5E 4C CD B9 41 4F 50 E4
.\0..91.^L..AOP.
00F0: 3D 38 AE C8 66 D9 C7 3B 5D 51 47 AC 9B AB F2 AD
=8..f..;]QG.....
]
chain [4] = [
[
Version: V3
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 2048 bits
modulus:
275272983313466246593078150033938714055440208592235712533385208047652234
309824582460987723211519416729616406276751862762050515262426433781001588
855132177420580564661683926500550131001048491763122941672420411403104357
720267176017631847064802594852128069022238948885667296342669846192211688
624218381922034951518937622167777483301299095882102032997785818981753208
829083719309844518090545096453792773097910849097057583724773208933361528
826298910142867448156843715107516748259202041804902581229868625395852019
341552209457329378303088343871080466570053634520717763967071812831434632
13972159925612976006433949563180335468751
public exponent: 65537
Validity: [From: Tue Sep 01 14:00:00 CEST 1998,
To: Tue Jan 28 13:00:00 CET 2014]
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
SerialNumber: [ 02000000 0000d678 b79405]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 60 7B 66 1A 45 0D 97 CA 89 50 2F 7D 04 CD 34 A8
`.f.E....P/...4.
0010: FF FC FD 4B ...K
]
]
[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: AE AA 9F FC B7 D2 CB 1F 5F 39 29 28 18 9E 34 C9
........_9)(..4.
0010: 6C 4F 6F 1A F0 64 A2 70 4A 4F 13 86 9B 60 28 9E
lOo..d.pJO...`(.
0020: E8 81 49 98 7D 0A BB E5 B0 9D 3D 36 DB 8F 05 51
..I.......=6...Q
0030: FF 09 31 2A 1F DD 89 77 9E 0F 2E 6C 95 04 ED 86
..1*...w...l....
0040: CB B4 00 3F 84 02 4D 80 6A 2A 2D 78 0B AE 6F 2B
...?..M.j*-x..o+
0050: A2 83 44 83 1F CD 50 82 4C 24 AF BD F7 A5 B4 C8
..D...P.L$......
0060: 5A 0F F4 E7 47 5E 49 8E 37 96 FE 9A 88 05 3A D9
Z...G^I.7.....:.
0070: C0 DB 29 87 E6 19 96 47 A7 3A A6 8C 8B 3C 77 FE
..)....G.:...<w.
0080: 46 63 A7 53 DA 21 D1 AC 7E 49 A2 4B E6 C3 67 59
Fc.S.!...I.K..gY
0090: 2F B3 8A 0E BB 2C BD A9 AA 42 7C 35 C1 D8 7F D5
/....,...B.5....
00A0: A7 31 3A 4E 63 43 39 AF 08 B0 61 34 8C D3 98 A9
.1:NcC9...a4....
00B0: 43 34 F6 0F 87 29 3B 9D C2 56 58 98 77 C3 F7 1B
C4...);..VX.w...
00C0: AC F6 9D F8 3E AA A7 54 45 F0 F5 F9 D5 31 65 FE
....>..TE....1e.
00D0: 6B 58 9C 71 B3 1E D7 52 EA 32 17 FC 40 60 1D C9
[EMAIL PROTECTED]
00E0: 79 24 B2 F6 6C FD A8 66 0E 82 DD 98 CB DA C2 44
y$..l..f.......D
00F0: 4F 2E A0 7B F2 F7 6B 2C 76 11 84 46 8A 78 A3 E3
O.....k,v..F.x..
]
***
pool-1-thread-1, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 106, 106, 107, 244, 154, 39, 2, 77, 187, 148,
200, 110, 74, 186, 64, 51, 71, 253, 91, 236, 13, 196, 233, 236, 201,
184, 126, 244, 95, 124, 216, 138, 209, 211, 40, 206, 51, 97, 48, 44,
250, 140, 252, 232, 17, 183 }
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 6A 6A 6B F4 9A 27 02 4D BB 94 C8 6E 4A BA
..jjk..'.M...nJ.
0010: 40 33 47 FD 5B EC 0D C4 E9 EC C9 B8 7E F4 5F 7C
@3G.[........._.
0020: D8 8A D1 D3 28 CE 33 61 30 2C FA 8C FC E8 11 B7
....(.3a0,......
///same again
CONNECTION KEYGEN:
Client Nonce:
0000: 43 BD D9 97 11 69 B9 1C 7F 0A 36 47 28 F5 FC 27
C....i....6G(..'
0010: 0F 50 E1 4C 2F 1D 34 39 F5 26 49 17 5F 4A 28 B6
.P.L/.49.&I._J(.
Server Nonce:
0000: 43 BD D9 95 00 60 56 15 A8 03 3F C6 95 22 BD D8
C....`V...?.."..
0010: C1 8A 39 31 AA 81 19 CD 81 33 14 F0 BB E2 B2 C7
..91.....3......
Master Secret:
0000: 74 1F E4 0E 6B 8D 48 DC E9 9D 2F 56 7D 7C B2 BC
t...k.H.../V....
0010: A2 89 EB DD 24 DE 5C CB CF 0F 08 47 E7 44 74 A8
....$.\....G.Dt.
0020: 23 4D 2A AE 9F 03 C3 96 BC F0 1E 02 6E B4 C3 07
#M*.........n...
Client MAC write Secret:
0000: F1 8F DB 6E 3E C9 34 85 FC D1 9C CF A6 C8 B6 21
...n>.4........!
Server MAC write Secret:
0000: 9F 3F 0B 03 74 07 EE 89 00 9E CD 00 07 47 20 89 .?..t........G
.
Client write key:
0000: EA DD EB AA E0 5B 8F 27 79 B3 82 AE AA FE 0F 9E
.....[.'y.......
Server write key:
0000: 2E D4 FC FA C8 15 45 42 50 59 D5 1C B6 87 2C 5B
......EBPY....,[
... no IV for cipher
pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 138, 10, 234, 8, 246, 57, 241, 237, 196, 114, 219, 106 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 31, 18, 23, 54, 115, 88, 235, 73, 33, 236, 89, 186 }
***
%% Cached client session: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
pool-1-thread-1, READ: TLSv1 Application Data, length = 207
2006/01/06 03:44:39:866 CET [DEBUG] header - << "HTTP/1.1 200
OK[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Date: Fri, 06 Jan 2006
02:44:37 GMT[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Server: Apache[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Content-Type:
text/html[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Content-Length:
120[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Last-Modified: Mon, 07
Oct 2002 14:00:15 GMT[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "ETag:
"120-1033999215000"[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] HttpMethodBase - Buffering response
body
pool-1-thread-1, READ: TLSv1 Application Data, length = 136
2006/01/06 03:44:39:866 CET [DEBUG] HttpMethodBase - Resorting to
protocol version default close connection policy
2006/01/06 03:44:39:866 CET [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2006/01/06 03:44:39:866 CET [DEBUG] HttpConnection - Releasing
connection back to connection manager.
-----Oprindelig meddelelse-----
Fra: Kim B. Andersen [mailto:[EMAIL PROTECTED]
Sendt: 5. januar 2006 14:36
Til: HttpClient Project
Emne: SV: SV: SV: Slow to open connection after an hour or so
Oleg,
Thanks again for your help and I going to try 2 and 3. As for question 1
do reuse httpclient in making a sample, but I don't save httpclient
between samples
Example:
start sampling 1
createst httpclient
measure web1
measure web2
measure web3
finished sampling 1
start sampling 2
createst httpclient
measure web1
measure web2
measure web3
finished sampling 2
I will write back when I know more about 2 and 3
Kim Andersen
-----Oprindelig meddelelse-----
Fra: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
Sendt: 5. januar 2006 14:09
Til: [email protected]
Emne: Re: SV: SV: Slow to open connection after an hour or so
On Thu, Jan 05, 2006 at 01:51:24PM +0100, Kim B. Andersen wrote:
> Oleg,
>
> The ssl certification is self signen, so I'm not interessed in
checking
> the certification. I use EasySSLProtocolSocketFactory( you properly
know
> the code ) :) , the only thing that I have changed is making an
internal
> class (SecureManager) instead of using EasyX509TrustManager.
> SecureManager does nothing. I thought that I did need to log this and
> that it would be faster when doing nothing - maybee I was wrong. As
you
> can see I'm a newbiee when it comes to http communication, so I have
> taken most of it from the web.
Kim,
(1) Are you re-using the instance of HttpClient along with all the
connections it may hold open?
(2) Try turning off the stale connection check
http://jakarta.apache.org/commons/httpclient/performance.html#Stale%20co
nnection%20check
(3) Try running your app with SSL debugging on to see if the SSL
handshake is indeed the culprit
http://www.onjava.com/pub/a/onjava/excerpt/java_security_ch1/?page=5
Hope this helps
Oleg
>
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.UnknownHostException;
> import java.security.cert.X509Certificate;
>
> import org.apache.commons.httpclient.ConnectTimeoutException;
> import org.apache.commons.httpclient.HttpClientError;
> import org.apache.commons.httpclient.params.HttpConnectionParams;
> import
> org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
> import
> org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
>
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
>
> /**
> * <p>
> * EasySSLProtocolSocketFactory can be used to creats SSL [EMAIL PROTECTED]
> Socket}s
> * that accept self-signed certificates.
> * </p>
> * <p>
> * This socket factory SHOULD NOT be used for productive systems
> * due to security reasons, unless it is a concious decision and
> * you are perfectly aware of security implications of accepting
> * self-signed certificates
> * </p>
> *
> * <p>
> * Example of using custom protocol socket factory for a specific
host:
> * <pre>
> * Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
> *
> * HttpClient client = new HttpClient();
> * client.getHostConfiguration().setHost("localhost", 443,
> easyhttps);
> * // use relative url only
> * GetMethod httpget = new GetMethod("/");
> * client.executeMethod(httpget);
> * </pre>
> * </p>
> * <p>
> * Example of using custom protocol socket factory per default instead
> of the standard one:
> * <pre>
> * Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
> * Protocol.registerProtocol("https", easyhttps);
> *
> * HttpClient client = new HttpClient();
> * GetMethod httpget = new GetMethod("https://localhost/";);
> * client.executeMethod(httpget);
> * </pre>
> * </p>
> *
> * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
> *
> * <p>
> * DISCLAIMER: HttpClient developers DO NOT actively support this
> component.
> * The component is provided as a reference material, which may be
> inappropriate
> * for use without additional customization.
> * </p>
> */
>
> public class EasySSLProtocolSocketFactory implements
> SecureProtocolSocketFactory {
>
> /** Log object for this class. */
> private static final Log LOG =
> LogFactory.getLog(EasySSLProtocolSocketFactory.class);
>
> private SSLContext sslcontext = null;
>
> /**
> * Constructor for EasySSLProtocolSocketFactory.
> */
> public EasySSLProtocolSocketFactory() {
> super();
> }
>
> private SSLContext createEasySSLContext() {
> try {
> SSLContext context = SSLContext.getInstance("SSL");
> context.init(null, new TrustManager[] {new
> EasySSLProtocolSocketFactory.SecureManager()}, null);
> return context;
> } catch (Exception e) {
> LOG.error(e.getMessage(), e);
> throw new HttpClientError(e.toString());
> }
> }
>
> private SSLContext getSSLContext() {
> if (this.sslcontext == null) {
> this.sslcontext = createEasySSLContext();
> }
> return this.sslcontext;
> }
>
> /**
> * @see
>
SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.I
> netAddress,int)
> */
> public Socket createSocket(String host, int port, InetAddress
> clientHost, int clientPort) throws IOException, UnknownHostException {
> return getSSLContext().getSocketFactory().createSocket(host,
> port, clientHost, clientPort);
> }
>
> /**
> * Attempts to get a new socket connection to the given host
within
> the given time limit.
> * <p>
> * To circumvent the limitations of older JREs that do not support
> connect timeout a
> * controller thread is executed. The controller thread attempts
to
> create a new socket
> * within the given limit of time. If socket constructor does not
> return until the
> * timeout expires, the controller terminates and throws an [EMAIL
> PROTECTED]
> ConnectTimeoutException}
> * </p>
> *
> * @param host the host name/IP
> * @param port the port on the host
> * @param clientHost the local host name/IP to bind the socket to
> * @param clientPort the port on the local machine
> * @param params [EMAIL PROTECTED] HttpConnectionParams Http connection
> parameters}
> *
> * @return Socket a new socket
> *
> * @throws IOException if an I/O error occurs while creating the
> socket
> * @throws UnknownHostException if the IP address of the host
cannot
> be
> * determined
> */
> public Socket createSocket( final String host, final int port,
final
> InetAddress localAddress, final int localPort, final
> HttpConnectionParams params) throws IOException, UnknownHostException,
> ConnectTimeoutException {
> if (params == null) {
> throw new IllegalArgumentException("Parameters may not be
> null");
> }
> int timeout = params.getConnectionTimeout();
> if (timeout == 0) {
> return createSocket(host, port, localAddress, localPort);
> } else {
> // To be eventually deprecated when migrated to Java 1.4
or
> above
> return ControllerThreadSocketFactory.createSocket(
> this, host, port, localAddress, localPort,
timeout);
> }
> }
>
> /**
> * @see
> SecureProtocolSocketFactory#createSocket(java.lang.String,int)
> */
> public Socket createSocket(String host, int port) throws
> IOException, UnknownHostException {
> return getSSLContext().getSocketFactory().createSocket( host,
> port );
> }
>
> /**
> * @see
>
SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.Strin
> g,int,boolean)
> */
> public Socket createSocket(Socket socket, String host, int port,
> boolean autoClose) throws IOException, UnknownHostException {
> return getSSLContext().getSocketFactory().createSocket(
socket,
> host, port, autoClose );
> }
>
> public boolean equals(Object obj) {
> return ((obj != null) &&
> obj.getClass().equals(EasySSLProtocolSocketFactory.class));
> }
>
> public int hashCode() {
> return EasySSLProtocolSocketFactory.class.hashCode();
> }
>
> //Inner class
> class SecureManager implements X509TrustManager {
>
> public X509Certificate[] getAcceptedIssuers() { return null; }
>
> public void checkClientTrusted( X509Certificate[] certs,
String
> authType) {}
>
> public void checkServerTrusted(X509Certificate[] certs, String
> authType) {}
>
> }
> }
>
>
>
>
> -----Oprindelig meddelelse-----
> Fra: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
> Sendt: 5. januar 2006 13:29
> Til: [email protected]
> Emne: Re: SV: Slow to open connection after an hour or so
>
>
> On Thu, Jan 05, 2006 at 08:38:11AM +0100, Kim B. Andersen wrote:
> > Hi
> >
> > hope it's readable
> >
> > First hour
> >
> > 2006/01/03 14:46:49:926 CET [DEBUG] HttpConnection - Open connection
> to xxxxxxx:443
> > 2006/01/03 14:46:50:038 CET [DEBUG] header - >> "GET
> /Krump/Alivetest.do?ws HTTP/1.1[\r][\n]"
> >
> > After the first hour
> >
> > 2006/01/04 07:58:50:230 CET [DEBUG] HttpConnection - Open connection
> to xxxxxx:443
> > 2006/01/04 07:58:59:230 CET [DEBUG] header - >> "GET
> /Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
> >
>
> Kim,
>
> Apparently the 9sec delay is caused by the SSL related stuff. Most
> likely for some reason the SSL handshake takes some time. How do you
> configure the SSL context on the clietn side?
>
> Oleg
>
>
> > Kim Andersen
> > -----Oprindelig meddelelse-----
> > Fra: Ortwin Gl?ck [mailto:[EMAIL PROTECTED]
> > Sendt: 4. januar 2006 17:19
> > Til: HttpClient Project
> > Emne: Re: Slow to open connection after an hour or so
> >
> >
> > My ideas:
> > * Anything in the logs?
> > * Is there a chance that you are exhausting the connection pool by
> never
> > returning your connections? New connection requests would then block
> > until one gets available
> > * Maybe attach a debugger / profiler or use jconsole
> >
> > Hell, it would be nice if HttpClient had some JMX beans to provide
> > information about pools etc. at runtime. I'll add that as a
> requirement
> > for 4.0.
> >
> > Odi
> >
> > Kim B. Andersen wrote:
> > > Hi
> > >
> > > I'm devolping a program which grabs webpage every 5min and measure
> the
> > > time it takes. I have succesful used httpclient to get the pages
and
> it
> > > works fine:). The problem is opening of connection in httpclient
get
> > > very slow after and hour or so.The first hour opening a connection
> takes
> > > 50ms at max and after an hour it takes 10 seconds. Opening of
> connection
> > > gets fast if I restarte the program. Any Ideas what the problem
> could
> > > be?
> > >
> > > I have tried the following/uses:
> > >
> > > jvm version: 1.5.0_6/1.4.2_05
> > > httpclient: 3.0 rc4/ 3.0 rc4
> > > I have tried both with proxy and out
> > > I have tried both MultiThreadedHttpConnectionManager and simple
> > >
> > > Hope you can help me
> > >
> > > /Kim Andersen
> > >
> >
> > --
> > [web] http://www.odi.ch/
> > [blog] http://www.odi.ch/weblog/
> > [pgp] key 0x81CF3416
> > finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF
3416
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
