"Andreas Mohrig" <[EMAIL PROTECTED]> wrote in message 70DD0724686ED611ACC70050228A1ECA06DC5E@SRV_1">news:70DD0724686ED611ACC70050228A1ECA06DC5E@SRV_1... > I forgot to mention that my server works behind apache which is doing all > the encryption, so at least my performance problem is definitely caused at > the client side, i.e. within the java-code using the https implementation > from jdk1.4. But even my tomcat alone is very fast. In my test environment I > can access the server both on port 443 (then apache will handle the > encryption, leaving tomcat nothing to do but answer the request unencrypted > over ajp) and on 8443 (then tomcat will do the encryption, probably with the > help of the jdk1.4 components that were a part of JSSE prior to jdk1.4). > There is no notable difference in speed between the two requests, not even > if I close the browser to enforce a new ssl-handshake for each request. > > But thanks for the suggestions anyway, Bill. I downloaded PureTLS and the > required packages for use on the client side. Unfortunately, there is no > https protocol handler (at least none that I found so far) that could > provide a replacement for the sun implementation. I'm looking for something > to specify in the following two statements to use PureTLS instead of the > functionality provided by jdk1.4: > > System.setProperty("java.protocol.handler.pkgs", > "com.sun.net.ssl.internal.www.protocol"); <-- here > Security.addProvider( > new com.sun.net.ssl.internal.ssl.Provider()); <-- and here > > Do you (or does anyone) know of something like this for PureTLS?
I, personally, don't know (or, rather, don't feel like digging through the source code to find out :). But sending to the PureTLS mailing list <[EMAIL PROTECTED]> may help. Subscription address: <[EMAIL PROTECTED]>. Links are based on documentation from http://www.rtfm.com/puretls/. I'm not personally involved with the PureTLS project, so I'm not accepting any responsibility for broken links. ;-) > > And Wolfgang (you're right by the way assuming that I'm from germany, but I > hope our problem has nothing to do with that ;-), can you confirm that the > problem is on the client side in the java code? How is the performance of > your tomcat when you access the same resources with a browser? > The forum-postings you quoted seem to imply that the low performance could > have been a problem of jdk's prior to 1.4 as well which simply did not show > (at least from within applets running inside IE) because IE used it's own > ssl/https-implementation when used with jdk1.3 (and earlier) and jdk1.4's if > used with that version. > > greetings > > Andreas Mohrig > > -----Original Message----- > From: Bill Barker [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 11, 2002 7:29 AM > To: [EMAIL PROTECTED] > Subject: Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL > > > I think that you are out of luck with 3.2.x. > > With 3.3.1 and 4.1.10 you can use PureTLS (http://www.rtfm.com/puretls). > (With 4.0.4, you need to use the CoyoteConnector plugin to enable it). I've > heard good reports about using it with client-certs, but haven't tried it > myself. > > Unfortunately, the documentation is still a little weak. :( The best place > is the 3.3.1 documentation > http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html. The > translation to the 4.x CoyoteConnector is pretty straight-forward (the SSL > attributes are on the Factory), but AFAIK, nobody has actually written it up > yet. > > "Wolfgang Stein" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I realize you are also a German resident and > > remember the download of JSSE were differing > > for non-US citizens. > > I assume we are victims of a hidden key escrow > > or Echelon's information gathering efforts :-) > > > > But, all joking(?) aside: > > This seems to be a known jdk1.4 issue. There are > > some related postings at the developer connection > > forums, e.g. > > http://forum.java.sun.com/thread.jsp?forum=2&thread=239231) > > > > It ends up in the recommendation to use a commercial product > > but also states that SUN's implementation were > > "one of the better implementations" ... > > > > So, > > did anybody succeed in using a third party JSSE that works > > with tomcat and sufficient performance? Any suggestions ? > > > > > > Thanks in advance, > > Wolfgang > > > > > > > -----Original Message----- > > > From: Andreas Mohrig [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, September 10, 2002 2:20 PM > > > To: 'Tomcat Users List' > > > Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL > > > > > > > > > I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and > > > Windows NT > > > client) and worrying about a quite similar problem. The > > > server is extremely > > > fast (I'd say the answer takes some milliseconds) when I > > > access it with a > > > browser (e.g. MS IE 5.0), but it takes about 20 seconds (!) > > > when I try a > > > request using java code like this: > > > > > > URL url = new URL("https://myserver/myresource"); > > > URLConnection con = url.openConnection(); > > > BufferedReader reader = new BufferedReader(new > > > InputStreamReader(con.getInputStream())); > > > StringBuffer resultbuffer = new StringBuffer(); > > > String result = reader.readLine(); > > > while (result!=null) { > > > resultbuffer.append(result); > > > resultbuffer.append("\n"); > > > result = reader.readLine(); > > > } > > > reader.close(); > > > > > > This is true for subsequent requests as well. The content > > > consists of about > > > 100 bytes which should be no problem. > > > > > > So: yes, I'm experiencing a heavy performance problem. I > > > can't say if it is > > > a performance decrease, though, since I did not test with > > > older Jdk's and > > > jsse (perhaps I should...). Any solutions, hints or > > > suggestions would be > > > very welcome! > > > > > > greetings > > > > > > Andreas Mohrig > > > -----Original Message----- > > > From: Wolfgang Stein [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, September 10, 2002 12:15 PM > > > To: [EMAIL PROTECTED] > > > Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL > > > > > > > > > > > > Migrating from Jdk1.3 to Jdk1.4 we encountered a significant > > > performance decrease on SSL-communications (server certs) between > > > Applets and Tomcat 3.2.4. > > > > > > Did anybody experience similar performance losses ? > > > > > > Does this happen because of a low SSL implementation in jdk1.4 ? > > > Did anybody successfully provide a faster implementation? > > > > > > > > > We used jdk1.4 on client and server-side. > > > > > > > > > > > > Thanks in advance, > > > Wolfgang > > > > > > -- > > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>