
Slow Java SSL in a netty application

Tags: java, ssl, netty

I'm experiencing a significant performance degradation using netty's SslHandler vs an external SSL terminator like stud or stunnel. The difference is about 100ms in time to complete the handshake. I requested the same resource from my application several hundred times via httperf and made sure that the same cipher (DHE-RSA-AES128-SHA) was used in each case.

This question got no accepted answers, but the comments indicated that running an SSL terminator in front of a Java process might be a good idea.

Is this expected behavior? Is Java's SSL implementation known to be this much slower, or is it possible that I have some setting configured improperly?

Greg Soltis asked Oct 16 '12 19:10



2 Answers

Netty folks recommend OpenSSL over JDK SSL for a couple of reasons; performance is one of them. An explanation can be found on their wiki:

http://netty.io/wiki/requirements-for-4.x.html#benefits-of-using-openssl

W.Azhar answered Sep 22 '22 12:09
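An added example (not code from the answer or from the Netty project) of selecting the OpenSSL-backed engine in a Netty 4.1 server and falling back to the JDK engine when the native library cannot be loaded. The class name `TlsInitializer` and the PEM file arguments are assumptions; it also assumes a `netty-tcnative` artifact is on the classpath for the OpenSSL path to be taken.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;

import javax.net.ssl.SSLException;
import java.io.File;

/** Hypothetical channel initializer that prefers the native OpenSSL engine. */
public final class TlsInitializer extends ChannelInitializer<SocketChannel> {

    // Built once and shared by every connection; creating it is expensive.
    private final SslContext sslContext;

    /**
     * @param certChainPem  X.509 certificate chain in PEM format
     * @param privateKeyPem PKCS#8 private key in PEM format
     */
    public TlsInitializer(File certChainPem, File privateKeyPem) throws SSLException {
        this.sslContext = SslContextBuilder
                .forServer(certChainPem, privateKeyPem)
                .sslProvider(chooseProvider())
                .build();
    }

    /** Use OpenSSL when netty-tcnative loaded, otherwise the JDK engine. */
    static SslProvider chooseProvider() {
        if (OpenSsl.isAvailable()) {
            return SslProvider.OPENSSL;
        }
        // Log why the native library was rejected so a silent fallback
        // to the slower engine does not go unnoticed in production.
        Throwable cause = OpenSsl.unavailabilityCause();
        System.err.println("netty-tcnative not usable, using JDK TLS: " + cause);
        return SslProvider.JDK;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        // The TLS handler must be first so later handlers see plaintext.
        ch.pipeline().addLast("ssl", sslContext.newHandler(ch.alloc()));
        // Application handlers (HTTP codec, business logic) are added after this.
    }
}
```

When comparing handshake times between the two providers, log the value returned by `chooseProvider()` at startup so the measurement is attributed to the engine that was actually in use.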


Yeah, it's known to be slow compared to OpenSSL. You could try to use native OpenSSL bindings like Twitter does:

https://github.com/twitter/finagle/tree/master/finagle-native

This is one reason for APR and SSL:

http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS

Norman Maurer answered Sep 21 '22 12:09