Hi all, I am reviewing some legacy code in Apache OFBiz [*], in the attempt to simplify its integration with Tomcat 8.0.+ and in preparation to upgrade to Tomcat 8.5.+. I have noticed that OFBiz, which starts a Tomcat instance in embedded mode, uses a legacy class that extends the Tomcat's JSSEImplementation class. This implementation, in particular, overrides the getServerFactory(...) method to save an instance of ServerSocketFactory and return it if already set [**].
Unfortunately I don't know enough about Tomcat internals to understand if the OFBiz implementation makes any sense: do you have any feedback to share on how this code could affect the behavior of Tomcat? Maybe a difference in performance in the setup of an encrypted connection? As a side note, OFBiz seems to work fine even when I switch to the Tomcat standard implementation by setting: sslImplementationName=org.apache.tomcat.util.net.jsse.JSSEImplementation Thanks in advance, Jacopo [*] http://ofbiz.apache.org/ [**] the OFBiz legacy implementation (simplified) of JSSEImplementation: public class SSLImpl extends JSSEImplementation { protected ServerSocketFactory ssFactory = null; @Override public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) { if (this.ssFactory == null) { this.ssFactory = (new JSSEImplementation()).getServerSocketFactory(endpoint); } return ssFactory; } }
