John,

On 3/31/22 10:50, John Dale (DB2DOM) wrote:
Hi Chris;

I'm measuring the time taken to process a request as reported by
inspector-network in brave.

SSL time to process through tomcat is 11ms.

Same request for a smaller file using a java SSL socket is taking 50ms
.. like this:

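import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.CertificateException;
import javax.net.ssl.*;

// Note: `instance`, tm(), km() and ServerSecureType are defined elsewhere
// in the poster's code and are not shown in this message.
public static SSLServerSocket getServerSocketWithCert(int port,
        InputStream pathToCert, String passwordFromCert,
        ServerSecureType type) throws IOException,
        KeyManagementException, NoSuchAlgorithmException,
        CertificateException, KeyStoreException,
        UnrecoverableKeyException
{
    X509TrustManager[] tmm;
    X509KeyManager[] kmm;
    // Load the key store from the supplied stream
    KeyStore ks = KeyStore.getInstance(instance);
    ks.load(pathToCert, passwordFromCert.toCharArray());
    tmm = tm(ks);
    kmm = km(ks, passwordFromCert);
    // Build a new SSLContext and a listening socket on every call
    SSLContext ctx = SSLContext.getInstance(type.getType());
    ctx.init(kmm, tmm, null);
    SSLServerSocketFactory socketFactory = ctx.getServerSocketFactory();
    SSLServerSocket ssocket = (SSLServerSocket)
            socketFactory.createServerSocket(port);
    return ssocket;
}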

I'm using the cert at https://db2dom.com

It's still a tenth of a second to process the request with this "hand
rolled" method, but it's several orders of magnitude slower, and I'm
trying to figure out why (I'm obsessive with response times).

So you have a hand-rolled TLS server (selected code above) and you are comparing it to Tomcat?

It all depends upon what you are doing with that code above. Tomcat is doing something like the above basically once and then re-using the same Socket for a long time. Are you re-initializing your Socket for each request perhaps?

Are you using exactly the same trust store and key store between your hand-rolled code and Tomcat? The client is negotiating the exact same cipher suite, etc.?

How many requests are you running your code through -- like after JVM startup? Just one? Many? How many? Same questions for Tomcat.

It's always hard to set up a fair comparison, and you aren't giving us very much information.

-chris

On 3/28/22, Christopher Schultz <ch...@christopherschultz.net> wrote:
John,

On 3/26/22 22:29, John Dale (DB2DOM) wrote:
Can you help me understand why Tomcat's SSL handling is so much faster
than hand rolling it on a regular socket?

I think you'll need to define some terms.

For example, what do you mean when you say "faster", and how are you
measuring that?

What do you mean when you say "hand-rolling" your SSL and what is a
"regular socket"?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
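
The two questions in the reply above, whether the TLS setup is repeated for each request and how many requests are measured after JVM startup, can be checked with JDK classes alone. This is an added example, not code from either poster or from Tomcat; the class name TlsSetupCost, the empty in-memory keystore and the round count are assumptions, and it times context and socket setup only, not handshakes.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import java.security.KeyStore;

public class TlsSetupCost {
    // Builds a TLS context from scratch: the work a server should do once at startup.
    static SSLContext buildContext() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                        // constructed: empty in-memory keystore
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        return ctx;
    }

    // Opens and closes a listening socket on an ephemeral port.
    // Passing null rebuilds the context first; returns elapsed nanoseconds.
    static long timeListen(SSLContext shared) throws Exception {
        long start = System.nanoTime();
        SSLContext ctx = (shared != null) ? shared : buildContext();
        try (SSLServerSocket s = (SSLServerSocket)
                ctx.getServerSocketFactory().createServerSocket(0)) {
            s.getEnabledProtocols();                // touch the socket so setup is not skipped
        }
        return System.nanoTime() - start;
    }

    public static void main(String[] args) throws Exception {
        int rounds = 200;                           // assumption: enough to get past warm-up
        long first = timeListen(null);              // includes class loading and provider setup
        SSLContext shared = buildContext();
        long rebuilt = 0, reused = 0;
        for (int i = 0; i < rounds; i++) {
            rebuilt += timeListen(null);
            reused += timeListen(shared);
        }
        System.out.printf("first call after JVM start: %.2f ms%n", first / 1e6);
        System.out.printf("rebuild context each time:  %.3f ms avg%n", rebuilt / 1e6 / rounds);
        System.out.printf("reuse one context:          %.3f ms avg%n", reused / 1e6 / rounds);
    }
}
```

A real keystore adds file parsing and private-key decryption to every rebuild, so the gap between the last two figures is a lower bound for code that reloads the certificate per request.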
