[ 
https://issues.apache.org/jira/browse/JAMES-4193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Benoit Tellier closed JAMES-4193.
---------------------------------
    Resolution: Fixed

> SSL management improvements
> --------------------------
>
>                 Key: JAMES-4193
>                 URL: https://issues.apache.org/jira/browse/JAMES-4193
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: Benoit Tellier
>            Priority: Major
>         Attachments: Screenshot from 2026-03-28 06-54-41.png
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> h3. Why? 
> On flamegraphs (see attached) I was able to prove James uses up to 15% of its 
> applicative CPU doing SSL with JSSE, including loads of handshakes, which is 
> suboptimal.
> h3. What?
> I first want to run a session cache for SSL, allowing reuse and skipping work 
> needed upon the handshake.
> Second, I would like to run a custom implementation based on boringssl and 
> netty-tcnative (linux only...) in tmail-backend, and currently overrides are 
> only possible by subclassing. Evolve the Encryption.Factory so that it is 
> injected, so that extensions could rely on dependency injection for overriding it.
> h3. How?
> h4. Session cache
> Conf:
> {code:xml}
> <imapservers>
>     <imapserver enabled="true">
>         <jmxName>imapserver</jmxName>
>         <bind>0.0.0.0:143</bind>
>         <connectionBacklog>200</connectionBacklog>
>         <tls socketTLS="false" startTLS="true">
>             <!-- To create a new keystore execute:
>               keytool -genkey -alias james -keyalg RSA -storetype PKCS12 -keystore /path/to/james/conf/keystore
>              -->
>             <keystore>file://conf/keystore</keystore>
>             <keystoreType>PKCS12</keystoreType>
>             <secret>james72laBalle</secret>
>             <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>             <sessionCacheSize>1M</sessionCacheSize>
>         </tls>
> ...
> {code}
> Expected gains: ~50% of these 3%, fewer object allocations, less latency upon 
> connect.
> So easy to do that we shall not refrain.
> h4. Custom encryption layer
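> {code:java}
> public interface Encryption {
>     // Factory that builds the Encryption layer from the TLS configuration
>     interface Factory {
>         Encryption create(SslConfig conf) throws Exception;
>     }
>     // ... rest of the Encryption interface not shown
> }
> {code}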
> Inject this, no longer hard-code its usage in LegacyJavaEncryptionFactory.
> Gains: be able to specify our SSL strategy in Twake mail.


