On Sat, 6 Nov 2021 08:54:33 GMT, Daniel JeliĆski wrote:
> Can we extend the public API of `SSLContext` with methods for managing
> `activeProtocols`, `activeCipherSuites` and possibly `algorithmConstraints`?
> Without this API change we would need to check every time if the active
> protocols, ciphers and constraints match the cached ones.
>
Yes, it is one direction that we could consider to have more configuration in
SSLContext, rather than configure individually in each socket. I think it may
improve the performance a lot.
> Also, looking at the flame graphs provided, it appears that about 50% of the
> handshake time is spent in `SSLAlgorithmDecomposer#decompose`; given that
> there are only 3 instances of that class (and could be further reduced to 2),
> would it make sense to optimize the method by caching the results of
> algorithm decomposition?
If it is true, I think should optimize the decompose method, may be not limited
to caching.
-
PR: https://git.openjdk.java.net/jdk/pull/5793