Hi,
I've been experiencing trouble after migrating our company's web
application from Tomcat 5 to Tomcat 7. There's a significant slowdown
with https connections after the migration.
I'm aware that application has a flaw - there's a large number of http
request needed for generating a page (> 100 requests), but these are
mainly static content (css, js, images etc.) and only very limited (1-3)
ammount of requests are for dynamically generated content.
I've just tested the page generation time via local network (and
browser's cache off) and the page is being fully loaded in circa 2
seconds (with Firebug on) when using http, while loading the same page
using secure connection took as much as 10 times longer. It's extremely
weird for me, since I haven't noticed any significant differences
between Tomcat 5 and 7 approaches to SSL and the server.xml file is
pretty much the same.
Problems associated with server load, heavy user traffic or JVM params
are rather not an option here. The memory and CPU usage constantly stays
lower than with Tomcat 5.
Here are crucial parts of our server.xml file:
<Executor
name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="400" minSpareThreads="300" prestartminSpareThreads="true" />
<Connector port="80" protocol="HTTP/1.1" executor="tomcatThreadPool"
enableLookups="false" redirectPort="443" acceptCount="200"
tcpNoDelay="true" connectionTimeout="20000" maxKeepAliveRequests="200"
disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
compressableMimeType="application/javascript,text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json,application/xml"
/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
executor="tomcatThreadPool"
address="192.168.100.100"
enableLookups="false" disableUploadTimeout="true"
keystorePass="XXX" keystoreFile="XXX"
acceptCount="200" scheme="https" secure="true" SSLEnabled="true"
clientAuth="true" sslProtocol="TLS"
truststoreFile="XXX" truststorePass="XXX"
URIEncoding="UTF-8" compression="on"
compressableMimeType="application/javascript,text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json,application/xml"
/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
executor="tomcatThreadPool"
enableLookups="false" disableUploadTimeout="true"
acceptCount="200" scheme="https" secure="true" SSLEnabled="true"
address="192.168.100.101"
clientAuth="true" sslProtocol="TLS" keystorePass="XXX" keystoreFile="XXX"
truststoreFile="XXX" truststorePass="XXX"
URIEncoding="UTF-8" compression="on"
compressableMimeType="application/javascript,text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json,application/xml"
/>
Well, except for defining global thread pool nothing really changed
between our versions' configuration. I've experimented with Java Nio
Blocking Connector, but haven't noticed any significant improvement.
Also can't use APR Connector, because it's some kind of requirement that
we must use keystore files we already have.
Any ideas on how to improve SSL performance and what could possibly go
wrong?
Sorry for my English, for I'm not a native speaker :).
Regards,
MK
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org