hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SV: SV: SV: Slow to open connection after an hour or so
Date Fri, 06 Jan 2006 14:22:53 GMT
On Fri, Jan 06, 2006 at 02:51:45PM +0100, Ortwin Glück wrote:
> Kim,
> 
> Here is my assessment of the situation.
> 
> The certificate chain in the log is just a very bloaty artifact of a 
> different behaviour at the time a connection is established.
> 
> In fact from the first log you see that the two endpoints are reusing a 
> session. Whereas in the second log they are establishing a completely 
> new SSL session. That is probably due to a session timeout.
> 
> SSL tries to reuse sessions as much as possible, because that only 
> requires the use of fast symmetric encryption algorithms.
> Creating a new SSL session may be expensive because there are asymmetric 
> encryption algorithms and secure random number generator seeding 
> involved which are both slow. There is a possibility to speed up the 
> random number generation by saving the random seed for future use. On 
> Unix systems there is also the problem of a slow /dev/random on some 
> platforms.
> 
> You should now definitely run a profiler against your code to check 
> which method exactly consumes so much time. I bet it is the random 
> number seeding :-)
> 
> Cheers
> 
> Ortwin Glück
> 

I second Odi's opinion

Oleg


> Kim B. Andersen wrote:
> >Oleg,
> >
> >I have tried setting check-stale to false and this doesn't solve the
> >problem. I have also now collected the data. I have run the program with
> >-Djavax.net.debug=ssl,handshake (I hope this is what you wanted) and it
> >has produced the following data. After an hour the system suddenly
> >does something more than the first hour. A Certificate chain is
> >introduced - whatever that is.
> >
> >/Kim Andersen
> >
> >before an hour
> >%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> >%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 74
> >CONNECTION KEYGEN:
> >%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 32
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
> >pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
> >pool-1-thread-1, READ: TLSv1 Application Data, length = 207
> 
> 
> >after an hour
> >%% Client cached [Session-135, SSL_RSA_WITH_RC4_128_MD5]
> >%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 74
> >%% Created:  [Session-136, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 4
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
> >SESSION KEYGEN:
> >CONNECTION KEYGEN:
> >pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
> >pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 32
> >%% Cached client session: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
> >pool-1-thread-1, READ: TLSv1 Application Data, length = 207
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org
> 
> 
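
An added example (not part of the original messages or of HttpClient): a small Python parser for the `javax.net.debug` output quoted above that labels each connection attempt as a resumed session or a full handshake and totals the handshake bytes read. The function names, field names and trimmed sample log are constructed for illustration; it assumes single-threaded output in which each attempt starts with a `Try resuming` line, as in the excerpts.

```python
import re

# Constructed sample: the two excerpts from the thread, trimmed; the second
# keeps its mail-quote prefix to show that quoted logs parse too.
SAMPLE_LOG = """\
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
pool-1-thread-1, READ: TLSv1 Application Data, length = 207
> >%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 74
> >%% Created:  [Session-136, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 4
> >SESSION KEYGEN:
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 32
> >pool-1-thread-1, READ: TLSv1 Application Data, length = 207
"""

TRY = re.compile(r"^%% Try resuming \[(Session-\d+), \S+\] from port (\d+)")
RESUMED = re.compile(r"^%% Server resumed \[Session-\d+,")
CREATED = re.compile(r"^%% Created:\s+\[(Session-\d+),")
HS_READ = re.compile(r", READ: \S+ Handshake, length = (\d+)")

def classify_handshakes(log):
    """One dict per attempt: session offered, outcome, handshake bytes read."""
    attempts, cur = [], None
    for line in log.splitlines():
        line = line.lstrip("> ").strip()  # drop mail-quote markers
        if m := TRY.match(line):
            cur = {"offered": m[1], "port": int(m[2]), "outcome": "unknown",
                   "new_session": None, "hs_bytes_read": 0}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first resume offer
        elif RESUMED.match(line):
            cur["outcome"] = "resumed"  # abbreviated handshake
        elif m := CREATED.match(line):
            cur["outcome"], cur["new_session"] = "full", m[1]
        elif m := HS_READ.search(line):
            cur["hs_bytes_read"] += int(m[1])
    return attempts

def rejected_resumptions(log):
    """Attempts where a cached session was offered but a new one was created."""
    return [a for a in classify_handshakes(log) if a["outcome"] == "full"]
```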
