I'm experiencing a significant performance degradation using Netty's SslHandler vs an external SSL terminator like stud or stunnel. The difference is about 100ms in time to complete the handshake. I requested the same resource from my application several hundred times via httperf and made sure that the same cipher (DHE-RSA-AES128-SHA) was used in each case.
This question got no accepted answers, but the comments indicated that running an SSL terminator in front of a Java process might be a good idea.
Is this expected behavior? Is Java's SSL implementation known to be this much slower, or is it possible that I have some setting configured improperly?
javax.net.ssl.SSLHandshakeException. Indicates that the client and server could not negotiate the desired level of security. The connection is no longer usable.
Netty folks recommend OpenSSL over JDK SSL for a couple of reasons; performance is one of them. An explanation can be found on their wiki:
http://netty.io/wiki/requirements-for-4.x.html#benefits-of-using-openssl
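An added example (not code from the answer or from the Netty project) of selecting the OpenSSL-backed engine in a Netty 4.1 server and falling back to the JDK engine when the native library is missing. It assumes netty-handler and a netty-tcnative artifact are on the classpath; the class name and the certificate and key paths passed as arguments are hypothetical.

```java
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;

import java.io.File;

// Hypothetical class name; illustrates provider selection only.
public final class TlsProviderSelection {

    // Prefer the native OpenSSL engine (netty-tcnative); fall back to the JDK SSLEngine.
    static SslProvider chooseProvider() {
        if (OpenSsl.isAvailable()) {
            return SslProvider.OPENSSL;
        }
        // Report why the native library did not load, so a silent fallback
        // to the slower JDK engine does not go unnoticed in production.
        Throwable cause = OpenSsl.unavailabilityCause();
        System.err.println("OpenSSL provider unavailable, using JDK SSLEngine: " + cause);
        return SslProvider.JDK;
    }

    // Builds a server-side context from a PEM certificate chain and a PKCS#8 PEM key.
    static SslContext serverContext(File certChainPem, File pkcs8KeyPem) throws Exception {
        return SslContextBuilder.forServer(certChainPem, pkcs8KeyPem)
                .sslProvider(chooseProvider())
                .build();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = certificate chain path, args[1] = private key path (assumed inputs).
        SslContext ctx = serverContext(new File(args[0]), new File(args[1]));
        // Confirm which engine is in use before comparing handshake timings.
        System.out.println("SslContext implementation: " + ctx.getClass().getSimpleName());
        System.out.println("Enabled cipher suites: " + ctx.cipherSuites());
        // In a ChannelInitializer: ch.pipeline().addLast(ctx.newHandler(ch.alloc()));
    }
}
```

When benchmarking the two engines against each other, check the printed implementation and cipher list first, since a different negotiated suite changes handshake cost independently of the provider.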
Yeah, it's known to be slow compared to OpenSSL. You could try to use native OpenSSL bindings like Twitter does:
https://github.com/twitter/finagle/tree/master/finagle-native
This is one reason for apr and SSL:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS