Return-Path: 
 <users-return-40485-apmail-camel-users-archive=camel.apache.org@camel.apache.org>
X-Original-To: apmail-camel-users-archive@www.apache.org
Delivered-To: apmail-camel-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 624CDC9F7
	for <apmail-camel-users-archive@www.apache.org>;
 Tue, 25 Jun 2013 09:20:27 +0000 (UTC)
Received: (qmail 64785 invoked by uid 500); 25 Jun 2013 09:20:26 -0000
Delivered-To: apmail-camel-users-archive@camel.apache.org
Received: (qmail 64752 invoked by uid 500); 25 Jun 2013 09:20:25 -0000
Mailing-List: contact users-help@camel.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@camel.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@camel.apache.org>
List-Post: <mailto:users@camel.apache.org>
List-Id: <users.camel.apache.org>
Reply-To: users@camel.apache.org
Delivered-To: mailing list users@camel.apache.org
Received: (qmail 64744 invoked by uid 99); 25 Jun 2013 09:20:25 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Jun 2013 09:20:25 +0000
X-ASF-Spam-Status: No, hits=0.3 required=5.0
	tests=FREEMAIL_REPLY,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of claus.ibsen@gmail.com
 designates 209.85.223.174 as permitted sender)
Received: from [209.85.223.174] (HELO mail-ie0-f174.google.com)
 (209.85.223.174)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Jun 2013 09:20:20 +0000
Received: by mail-ie0-f174.google.com with SMTP id 9so26306990iec.5
        for <users@camel.apache.org>; Tue, 25 Jun 2013 02:19:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type:content-transfer-encoding;
        bh=jniekRkEtYS16G4Ei0GG9GtaHTc4jQgYsH4Nb8/Bz5A=;
        b=cKH3K6KIZTKLv/6wqke0m7l6aHi2tAyflspcqxw6dWi45CoJU/l3S4x/z5EEdf9TsW
         LrSb1uNIBMRiNz0HdZpatYhm6Amx40I9Cegds0pC0GLjyMIi4l0542TG4vHyAC0n2MO2
         s7OaaeKWaXNXimtKmO7byyqlWMjA98LU1DEPkzvfDZrkoDN3HDkMNW0JKsichn+w0nxo
         cAk4p9WnzWRihFkOuBest2MiT4i9fYzXL9uHuyMD6JnFaVrIbJKGpHjIKS6w1VAQwvFB
         2XHUK4JeeRNHV1slCByzArQhvEDwqy3iLuhcYBK7RK3EbXyz/58J/0Ia5gR/1zttSWB8
         t4cQ==
X-Received: by 10.50.27.37 with SMTP id q5mr7878574igg.52.1372151999381; Tue,
 25 Jun 2013 02:19:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.86.233 with HTTP; Tue, 25 Jun 2013 02:19:39 -0700 (PDT)
In-Reply-To: 
 <CAPVtPhrZPTyQ3tAhxS9vfQ=MrShNcsn-w6Ss0mAZNv8M5SMx5g@mail.gmail.com>
References: 
 <CAPVtPhpjXJAYYkzxSiMY=4yV7+HgX5jt+KPOP=o8KG1zVgxJ3w@mail.gmail.com>
 <B453A4C6E3E5443C99FB9ADA152681E6@gmail.com>
 <CAPVtPhpeEuBcAbHh2C6kNpv5VvnVkmuuM4avegvGy4cXbZVqQw@mail.gmail.com>
 <AB8217BDA765485C9AD13959D743EAA8@gmail.com>
 <CAPVtPhrZPTyQ3tAhxS9vfQ=MrShNcsn-w6Ss0mAZNv8M5SMx5g@mail.gmail.com>
From: Claus Ibsen <claus.ibsen@gmail.com>
Date: Tue, 25 Jun 2013 11:19:39 +0200
Message-ID: 
 <CAGB5yNk9E03NU=MYSrpFdS05tbE0vU8S9JrFoaj-YoxRi0QAkA@mail.gmail.com>
Subject: Re: Performance Degradation due to Reverse DNS Lookups
To: "users@camel.apache.org" <users@camel.apache.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

On Tue, Jun 18, 2013 at 3:39 PM, rouble <r.ouble@gmail.com> wrote:
> We already do something similar:
> <SNIP>
>                 SSLContext ctx =3D SSLContext.getInstance("SSL");
>                 ctx.init(null, new TrustManager[] { new
> TrustAllTrustManager() }, null);
>                 SSLSocketFactory ssf =3D new SSLSocketFactory(ctx,
> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> </SNIP>
>
> This issue does not have to do with the host name verifier or with
> camel per se, but more to do with the fact that Java core
> implementation will try to do a reverse dns lookup when creating a
> secure connection to an ip address. There are workarounds, but those
> would need to be implemented in camel.
>
> Cheers
> rouble
>

Yeah would be nice if we have a simple way of turning this on. Fell
free to log a JIRA ticket.


>
>
> On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang <willem.jiang@gmail.com> wr=
ote:
>> Hi,
>>
>> I'm not sure if setting the dummy implementation of X509HostnameVerifier=
 can resolve the issue.
>> Can you try it to see if it work?
>>
>>
>> --
>> Willem Jiang
>>
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://www.fusesource.com | http://www.redhat.com
>> Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)=
 (English)
>>           http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>> Twitter: willemjiang
>> Weibo: =E5=A7=9C=E5=AE=81willem
>>
>>
>>
>>
>>
>> On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
>>
>>> In my router configuration I am specifying "https4" - is that what you
>>> wanted to know?
>>>
>>> cheers
>>> rouble
>>>
>>> On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang <willem.jiang@gmail.com (m=
ailto:willem.jiang@gmail.com)> wrote:
>>> > Hi,
>>> >
>>> > There are lots of http related components can provide the https conne=
ction, it could be helpful if you can tell us which http component you are =
using.
>>> >
>>> > --
>>> > Willem Jiang
>>> >
>>> > Red Hat, Inc.
>>> > FuseSource is now part of Red Hat
>>> > Web: http://www.fusesource.com | http://www.redhat.com
>>> > Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.co=
m/) (English)
>>> > http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>>> > Twitter: willemjiang
>>> > Weibo: =E5=A7=9C=E5=AE=81willem
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
>>> >
>>> > > Camel Dudes,
>>> > >
>>> > > We have detected a very strange issue in that our https routes degr=
ade
>>> > > in performance when an ip address is used (as opposed to a domain
>>> > > name).
>>> > >
>>> > > Turns out that the Java core libraries do reverse DNS lookup for ip
>>> > > address when SSL connections are created. Read all about it here:
>>> > >
>>> > > https://forums.oracle.com/forums/thread.jspa?threadID=3D1532033
>>> > > http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl=
-reverse-dns-lookup
>>> > >
>>> > > This becomes an issue when the IP address is not configured in the =
DNS
>>> > > server and the reverse DNS fails. In this case each connection has =
to
>>> > > wait for a timeout of the reverse DNS request before it can proceed=
.
>>> > > This makes domain name connections faster than ip address connectio=
ns
>>> > > - which is backwards.
>>> > >
>>> > > Is this a known issue? There are a few workarounds/hacks recommende=
d
>>> > > on the interwebs, I was wondering if it would be possible to introd=
uce
>>> > > them into camel
>>> > > (http://www.velocityreviews.com/forums/showpost.php?p=3D2959030&pos=
tcount=3D8).
>>> > >
>>> > > tia,
>>> > > rouble
>>> >
>>>
>>
>>
>>



--
Claus Ibsen
-----------------
www.camelone.org: The open source integration conference.

Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen