hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim B. Andersen" <KI...@tdc.dk>
Subject SV: SV: SV: Slow to open connection after an hour or so
Date Fri, 06 Jan 2006 07:53:58 GMT
Oleg,

I have tried setting check-stale to false and this doesn't solve the
problem. I have also now collected the data. I have run the program with
-Djavax.net.debug=ssl,handshake(I hope this is what you wanted) and it
have produced the following data. After an hour the system suddently
does something more than the first hour. A Certificate chain is
introduced - what ever that is.

/Kim Andersn

before an hour

2006/01/05 16:29:30:217 CET [DEBUG] HttpConnection - Open connection to
xxxxxxx:443
pool-1-thread-1, setSoTimeout(60000) called
pool-1-thread-1, setSoTimeout(60000) called
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "GET
/Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
2006/01/05 16:29:30:217 CET [DEBUG] HttpMethodBase - Adding Host request
header
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0-rc4[\r][\n]"
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "Host: xxxxxxxx[\r][\n]"
2006/01/05 16:29:30:217 CET [DEBUG] header - >> "[\r][\n]"
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
*** ClientHello, TLSv1
RandomCookie:  GMT: 1119697754 bytes = { 175, 176, 119, 47, 186, 179,
77, 97, 52, 155, 144, 165, 175, 1, 1, 160, 74, 151, 230, 75, 131, 131,
239, 217, 66, 136, 178, 153 }
Session ID:  {6, 206, 72, 242, 166, 55, 197, 18, 85, 201, 28, 222, 64,
72, 11, 174, 176, 126, 107, 28, 14, 67, 134, 90, 133, 120, 89, 22, 56,
204, 84, 219}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie:  GMT: 1119697752 bytes = { 109, 56, 78, 201, 62, 13, 197,
25, 126, 226, 226, 174, 172, 103, 73, 96, 27, 102, 40, 249, 104, 238,
222, 243, 120, 200, 129, 131 }
Session ID:  {6, 206, 72, 242, 166, 55, 197, 18, 85, 201, 28, 222, 64,
72, 11, 174, 176, 126, 107, 28, 14, 67, 134, 90, 133, 120, 89, 22, 56,
204, 84, 219}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
CONNECTION KEYGEN:
Client Nonce:
0000: 43 BD 3B 5A AF B0 77 2F   BA B3 4D 61 34 9B 90 A5
C.;Z..w/..Ma4...
0010: AF 01 01 A0 4A 97 E6 4B   83 83 EF D9 42 88 B2 99
....J..K....B...
Server Nonce:
0000: 43 BD 3B 58 6D 38 4E C9   3E 0D C5 19 7E E2 E2 AE
C.;Xm8N.>.......
0010: AC 67 49 60 1B 66 28 F9   68 EE DE F3 78 C8 81 83
.gI`.f(.h...x...
Master Secret:
0000: 14 EA 66 7C 14 4D C2 85   35 3F 38 8E 8A 7A 6D BC
..f..M..5?8..zm.
0010: 4D F6 32 D8 90 49 D7 47   AC 7B B3 11 F3 6D 21 0F
M.2..I.G.....m!.
0020: AE CB 60 84 38 2C E2 C5   55 8B 97 69 4B E0 74 83
..`.8,..U..iK.t.
Client MAC write Secret:
0000: D2 6C D5 E7 BC 43 43 95   9B D0 2A 06 62 1D F4 63
.l...CC...*.b..c
Server MAC write Secret:
0000: 2B 25 AD 9F 0A 2D F3 78   00 AB 3B 53 0D 65 60 89
+%...-.x..;S.e`.
Client write key:
0000: 9A 40 C7 71 36 DB BB D0   62 41 8F 3D 2E 57 74 63
.@.q6...bA.=.Wtc
Server write key:
0000: 60 6B E8 6B A3 D6 86 02   15 AA 7A F6 31 7D 3F 3A
`k.k......z.1.?:
... no IV for cipher
%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 225, 21, 224, 199, 72, 143, 246, 98, 185, 26, 224, 199 }
***
pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 8, 233, 26, 6, 176, 3, 97, 108, 184, 93, 123, 61 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
pool-1-thread-1, READ: TLSv1 Application Data, length = 207
2006/01/05 16:29:30:451 CET [DEBUG] header - << "HTTP/1.1 200
OK[\r][\n]"
2006/01/05 16:29:30:451 CET [DEBUG] header - << "Date: Thu, 05 Jan 2006
15:29:28 GMT[\r][\n]"
2006/01/05 16:29:30:451 CET [DEBUG] header - << "Server: Apache[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "Content-Type:
text/html[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "Content-Length:
120[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "Last-Modified: Mon, 07
Oct 2002 14:00:15 GMT[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] header - << "ETag:
"120-1033999215000"[\r][\n]"
2006/01/05 16:29:30:467 CET [DEBUG] HttpMethodBase - Buffering response
body
pool-1-thread-1, READ: TLSv1 Application Data, length = 136
2006/01/05 16:29:30:467 CET [DEBUG] HttpMethodBase - Resorting to
protocol version default close connection policy
2006/01/05 16:29:30:467 CET [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2006/01/05 16:29:30:467 CET [DEBUG] HttpConnection - Releasing
connection back to connection manager.


after an hour

2006/01/06 03:44:30:600 CET [DEBUG] HttpConnection - Open connection to
xxxxxxx:443
pool-1-thread-1, setSoTimeout(60000) called
pool-1-thread-1, setSoTimeout(60000) called
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "GET
/Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
2006/01/06 03:44:39:600 CET [DEBUG] HttpMethodBase - Adding Host request
header
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "User-Agent: Jakarta
Commons-HttpClient/3.0-rc4[\r][\n]"
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "Host:
xxxxxxxxx[\r][\n]"
2006/01/06 03:44:39:600 CET [DEBUG] header - >> "[\r][\n]"
%% Client cached [Session-135, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
*** ClientHello, TLSv1
RandomCookie:  GMT: 1119672471 bytes = { 17, 105, 185, 28, 127, 10, 54,
71, 40, 245, 252, 39, 15, 80, 225, 76, 47, 29, 52, 57, 245, 38, 73, 23,
95, 74, 40, 182 }
Session ID:  {243, 63, 246, 117, 176, 105, 224, 150, 73, 77, 87, 147,
150, 104, 220, 89, 212, 103, 26, 25, 31, 233, 165, 86, 47, 82, 249, 26,
206, 15, 235, 3}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie:  GMT: 1119672469 bytes = { 0, 96, 86, 21, 168, 3, 63, 198,
149, 34, 189, 216, 193, 138, 57, 49, 170, 129, 25, 205, 129, 51, 20,
240, 187, 226, 178, 199 }
Session ID:  {247, 183, 113, 32, 30, 110, 63, 135, 239, 59, 53, 69, 226,
221, 180, 137, 168, 231, 102, 55, 235, 50, 204, 223, 244, 168, 196, 105,
55, 158, 4, 244}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***

////diffrent than the first

%% Created:  [Session-136, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=xxxxxx, OU=Services, O=TDC Tele Danmark A/S, L=Copenhagen,
ST=Copenhagen, C=DK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
108743470482425003628078020115619367307386847842110379391731715485724646
154508475535092040391270013106601631296118583507132677920181887829517935
250597224083381331131012349794503650770898238488079850040133082437967142
979313202745645900196912045975083548027767073348159063351754973498187688
095381333926743292613
  public exponent: 65537
  Validity: [From: Mon Mar 22 12:36:56 CET 2004,
               To: Wed Mar 22 13:06:56 CET 2006]
  Issuer: OU=TDC SSL Server CA, O=TDC, C=DK
  SerialNumber: [    3e2c3433]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4C AD B1 C0 55 84 12 E1   DE 18 E6 D7 54 E5 0D 13
L...U.......T...
0010: 18 EA 8A 1A                                        ....
]
]

[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL server
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FD 1E C2 B3 08 3A 95 D1   D4 A5 87 CE CD 41 84 73
.....:.......A.s
0010: EF 33 74 0D                                        .3t.
]

]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [CN=CRL1, OU=TDC SSL Server CA, O=TDC, C=DK]
, DistributionPoint:
     [URIName: http://crl.certifikat.dk/SSLServer.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.4386.2.1.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 23 68 74 74 70 3A 2F   2F 77 77 77 2E 63 65 72
.#http://www.cer
0010: 74 69 66 69 6B 61 74 2E   64 6B 2F 72 65 70 6F 73
tifikat.dk/repos
0020: 69 74 6F 72 79                                     itory

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 30 82 01 1B 30 13 16 0C   54 44 43 20 49 6E 74 65
0...0...TDC Inte
0010: 72 6E 65 74 30 03 02 01   01 1A 82 01 02 44 65 74
rnet0........Det
0020: 74 65 20 63 65 72 74 69   66 69 6B 61 74 20 65 72  te certifikat
er
0030: 20 75 64 73 74 65 64 74   20 75 6E 64 65 72 20 54   udstedt under
T
0040: 44 43 20 49 6E 74 65 72   6E 65 74 20 43 41 73 20  DC Internet CAs

0050: 43 65 72 74 69 66 69 6B   61 74 20 50 6F 6C 69 74  Certifikat
Polit
0060: 69 6B 20 66 6F 72 20 53   53 4C 20 53 65 72 76 65  ik for SSL
Serve
0070: 72 20 63 65 72 74 69 66   69 6B 61 74 65 72 20 28  r certifikater
(
0080: 4F 49 44 3D 31 2E 33 2E   36 2E 31 2E 34 2E 31 2E
OID=1.3.6.1.4.1.
0090: 34 33 38 36 2E 32 2E 31   2E 31 2E 31 29 2E 20 54  4386.2.1.1.1).
T
00A0: 68 69 73 20 63 65 72 74   69 66 69 63 61 74 65 20  his certificate

00B0: 69 73 20 69 73 73 75 65   64 20 75 6E 64 65 72 20  is issued under

00C0: 54 44 43 20 49 6E 74 65   72 6E 65 74 20 43 41 73  TDC Internet
CAs
00D0: 20 43 65 72 74 69 66 69   63 61 74 65 20 50 6F 6C   Certificate
Pol
00E0: 69 63 79 20 66 6F 72 20   53 53 4C 20 53 65 72 76  icy for SSL
Serv
00F0: 65 72 20 63 65 72 74 69   66 69 63 61 74 65 73 20  er certificates

0100: 28 4F 49 44 3D 31 2E 33   2E 36 2E 31 2E 34 2E 31
(OID=1.3.6.1.4.1
0110: 2E 34 33 38 36 2E 32 2E   31 2E 31 2E 31 29 2E     .4386.2.1.1.1).

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 02 A4 23 71 5B C8 05 8E   59 9E C8 FB 75 21 57 F2
..#q[...Y...u!W.
0010: 9A F6 08 1F A8 82 C2 FC   5E CE 38 9A BF 7B 7F C7
........^.8.....
0020: 85 C9 C9 B3 7F F6 6F B8   48 7C 80 AF D9 BC D5 D1
......o.H.......
0030: C4 13 C1 27 65 BA A8 D1   3D 53 AB CF FE 4C FE 77
...'e...=S...L.w
0040: A0 5B A1 C3 18 49 90 89   4F EA D9 30 A3 F4 E7 10
.[...I..O..0....
0050: EE 52 23 EA 04 1B 80 83   43 CA 93 C6 71 FA E4 BA
.R#.....C...q...
0060: 76 4E 7B D5 DE B9 C3 6F   E2 A6 6A EE B4 D8 DB 57
vN.....o..j....W
0070: BF FA 4C C5 83 B8 6C 2F   42 59 A0 FB 13 5D 0E 60
..L...l/BY...].`
0080: DA 5F F2 C2 06 13 D4 8F   E9 3B 0F A8 87 D5 C0 53
._.......;.....S
0090: 86 C9 EC 92 21 01 3F 39   5B 82 BF 86 F1 B7 B4 8F
....!.?9[.......
00A0: 08 3D 0E CF C8 FF 26 E4   E5 6F 00 F0 7F 56 46 D6
.=....&..o...VF.
00B0: 4F 18 A2 D5 01 36 D4 1E   59 F8 A6 8C 2F D9 7C 66
O....6..Y.../..f
00C0: AA 4C 4C 19 32 08 74 7E   AD 12 7A 8F 91 45 27 35
.LL.2.t...z..E'5
00D0: E5 7C 41 06 C8 EF 86 86   8E 36 49 9B B4 E6 47 88
..A......6I...G.
00E0: A7 18 D7 91 89 89 CA 18   7C 3A F2 29 0B 38 99 4E
.........:.).8.N
00F0: BF F2 23 80 DF 63 86 4C   25 98 55 47 92 E2 52 D3
..#..c.L%.UG..R.

]
chain [1] = [
[
  Version: V3
  Subject: OU=TDC SSL Server CA, O=TDC, C=DK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus:
274919061170462899876977327699837951960497963216030759720297395643266483
916148829346469882089462664962710815153105189988639150453152159522253040
474483783023785827736370461321488503687486268732420265222550507525621668
673197786708954580795146125106177766329144760352758261439708512590288359
532937105747296364257228981200884118530227561147467875616169047851507193
396209280240128516009535970054335233833614650129555609531570566921954028
811767419220027532341427420774871038449179195531627698124623005830698688
698976794805384812352765107545596054169096156340264667630375318283221221
46020494477816770183284386440657169613947
  public exponent: 65537
  Validity: [From: Wed Jan 22 15:36:41 CET 2003,
               To: Tue Jan 22 16:06:41 CET 2008]
  Issuer: OU=TDC Internet Root CA, O=TDC Internet, C=DK
  SerialNumber: [    3c19dc3b]

Certificate Extensions: 6
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0C 30 0A 1B 04 56 36   2E 30 03 02 04 90        ..0...V6.0....


[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FD 1E C2 B3 08 3A 95 D1   D4 A5 87 CE CD 41 84 73
.....:.......A.s
0010: EF 33 74 0D                                        .3t.
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6C 64 01 C7 FD 85 6D AC   C8 DA 9E 50 08 85 08 B5
ld....m....P....
0010: 3C 56 A8 50                                        <V.P
]

]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [CN=CRL1, OU=TDC Internet Root CA, O=TDC Internet, C=DK]
, DistributionPoint:
     [URIName: http://crl.certifikat.dk/Root_CA.crl]
]]

[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: BE 1E A0 BD 00 03 B4 8C   AE 82 2A 1E CC 02 52 2B
..........*...R+
0010: A6 E4 1D 5C 59 E6 25 C6   66 79 D7 E1 05 96 12 DD
...\Y.%.fy......
0020: 6B 1C 6B CD 06 69 28 7B   C2 6E AF F5 B3 73 03 07
k.k..i(..n...s..
0030: 5D 9D 12 7D 6F 7F E7 7B   E1 19 65 36 52 84 8D E7
]...o.....e6R...
0040: D5 86 53 F9 AC 2F 60 00   DC CB 00 32 98 FF 2A 12
..S../`....2..*.
0050: 03 05 86 97 1B 12 35 ED   26 72 8F 73 F4 87 51 CB
......5.&r.s..Q.
0060: F9 53 5B BC EE 52 49 16   41 58 39 15 72 AA 4E 3A
.S[..RI.AX9.r.N:
0070: 02 44 60 14 DF 27 2C B7   4E C2 AF B7 14 4F 76 DE
.D`..',.N....Ov.
0080: 6D BB EC E0 5A C4 BD A1   D1 79 AB DA 2F 0E 40 46
m...Z....y../.@F
0090: 4A 85 7C 06 C9 0B 2A 0E   F2 62 77 6B EE 77 6A A9
J.....*..bwk.wj.
00A0: 55 43 70 0D A2 E1 84 C9   AF E7 12 E2 0B F5 74 4A
UCp...........tJ
00B0: 45 0E 13 0A 14 C6 6D 7A   7E 06 46 A1 5E AF 9D 31
E.....mz..F.^..1
00C0: 3E 6D F3 4F BC 00 CF 0E   69 B2 61 80 60 00 66 4D
>m.O....i.a.`.fM
00D0: D8 FF 67 87 D7 DB F1 BE   18 C2 97 E4 E2 EF 4B 25
..g...........K%
00E0: FD D9 3C 3D 4C 7D CE 0C   13 82 CE D4 A8 3E E7 78
..<=L........>.x
00F0: 71 B5 72 B1 E1 DC 56 3E   37 71 8E 62 A2 DA F3 11
q.r...V>7q.b....

]
chain [2] = [
[
  Version: V3
  Subject: OU=TDC Internet Root CA, O=TDC Internet, C=DK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus:
248335662535080918120859006460603864568160126558579841045947842694533605
833929229075227656514409978993191437172272775048897839556506214496862985
240894733019772831448342314110312770194187283234081330172815917436552466
611802823921382121131166343614349656621306658177526788322231112727573563
941826973308732951434149167482040497143243283185075470233268822153834462
145146535001104999847034223875479024524207454224032106158270527296434682
929291001327560660254260525764883748354860452165370898441107821008749862
215657297404244608083391162523527573080188896845481162501263089844172570
69693500321025969501150623006544052872871
  public exponent: 65537
  Validity: [From: Sun Apr 01 14:00:00 CEST 2001,
               To: Wed Dec 31 13:00:00 CET 2008]
  Issuer: CN=GlobalSign Partners CA, OU=Partners CA, O=GlobalSign nv-sa,
C=BE
  SerialNumber: [    01000000 0000e5f2 1181ee]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6C 64 01 C7 FD 85 6D AC   C8 DA 9E 50 08 85 08 B5
ld....m....P....
0010: 3C 56 A8 50                                        <V.P
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 24 8D 70 15 08 62 55   9C 4F 0C 40 17 5D 86 5E
C$.p..bU.O.@.].^
0010: 0F A2 4C FB                                        ..L.
]

]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 38 76 F1 0B 02 CA 6F 1B   2E 2F D9 0B B1 36 8F E8
8v....o../...6..
0010: AC BA AA AC 56 B3 9D 6D   91 3E 04 92 E2 04 CF 19
....V..m.>......
0020: 2E 0F 88 F0 09 76 3E 32   F4 B9 E6 EC 39 63 77 50
.....v>2....9cwP
0030: F4 B9 F6 5C 43 C8 63 A7   58 F2 A2 57 40 E3 FD 25
...\C.c.X..W@..%
0040: 60 3A 62 F3 D6 38 D4 97   04 35 C2 16 EC B1 9E 96
`:b..8...5......
0050: 6B 3A 31 B8 39 FA 7A 84   3A 2C 35 01 3B F9 4E D5
k:1.9.z.:,5.;.N.
0060: 4A 72 F4 B9 A6 4A DA F4   FB 54 46 97 C6 61 0C 10
Jr...J...TF..a..
0070: B9 E0 0D BF 05 71 22 AC   05 E8 56 6E 67 93 02 E9
.....q"...Vng...
0080: D0 A6 11 77 1C 08 52 96   4D AA FA D3 7A 77 59 8D
...w..R.M...zwY.
0090: 22 EB 50 7D DA C7 3A 5F   99 EE B6 C2 17 83 EB 5B
".P...:_.......[
00A0: 29 5C 83 FE B0 C3 37 2E   28 62 93 55 B9 66 50 6D
)\....7.(b.U.fPm
00B0: C7 8F 2A 2A 1A 4B D1 37   4E 56 6E 5F CF EF 72 CB
..**.K.7NVn_..r.
00C0: 37 AD 9D 3E 91 02 96 2C   84 FC D1 44 07 45 C1 5A
7..>...,...D.E.Z
00D0: E3 62 9F 71 89 93 1A 99   FE E2 1F 86 2C 2E AA 56
.b.q........,..V
00E0: 1C 7D D7 4A 7B EA D2 73   D6 3B F5 AC F1 B2 9D CA
...J...s.;......
00F0: F6 A3 9B 18 98 C7 7F FC   5A FE 4F 34 A2 FC B6 FE
........Z.O4....

]
chain [3] = [
[
  Version: V3
  Subject: CN=GlobalSign Partners CA, OU=Partners CA, O=GlobalSign
nv-sa, C=BE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 2048 bits
  modulus:
265322193412512087504382428489627891549169544844901624556289338011808173
687538614219161349760345150163056158053239619111877230622056473173166549
314227462283331635012211783598649109977801346502594301756596862524813833
345345267011504193197733569818484711790128427747747931310296269529355948
036714952117939320660883789979810547509431904604342581626485579013552003
379340128124255961894735086666357789587924632106944662674194523805387959
152780512263723420631001422727221308842402181055214523977538899768651686
240436983867393154439902432364645114357682575512312806883504535492453499
48440375495896542837533902970517580852029
  public exponent: 65537
  Validity: [From: Thu Jan 28 13:00:00 CET 1999,
               To: Wed Jan 28 13:00:00 CET 2009]
  Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    02000000 0000d678 b9d1af]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 24 8D 70 15 08 62 55   9C 4F 0C 40 17 5D 86 5E
C$.p..bU.O.@.].^
0010: 0F A2 4C FB                                        ..L.
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 60 7B 66 1A 45 0D 97 CA   89 50 2F 7D 04 CD 34 A8
`.f.E....P/...4.
0010: FF FC FD 4B                                        ...K
]

]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 66 ED B4 88 69 11 99 82   21 83 AC A1 6D 8B 9B 84
f...i...!...m...
0010: AD 0F 2D C8 1E 8C CA 7B   7E AD AA D4 8E DE 07 D6
..-.............
0020: 9E 45 C7 A5 B8 9C 07 39   60 25 55 1A C0 4F 19 E5
.E.....9`%U..O..
0030: CF 17 29 49 89 18 35 66   E5 EB 28 40 4E 57 C9 AF
..)I..5f..(@NW..
0040: B3 E4 B8 20 05 A3 3B 95   50 91 49 94 29 7D 2C E5  ...
..;.P.I.).,.
0050: 88 41 A5 45 88 5E 9D 82   27 F7 D2 EF 5B B5 4F 9F
.A.E.^..'...[.O.
0060: BE FE 35 65 2C 55 64 9F   E1 51 DA 22 61 77 BA 58
..5e,Ud..Q."aw.X
0070: 4E 8F C6 79 59 59 6E 30   80 A2 4F 90 6E 21 0B AD
N..yYYn0..O.n!..
0080: D0 68 39 90 10 9B ED 22   65 6F 1E 11 38 E6 7F 8C
.h9...."eo..8...
0090: D2 F3 39 6D 47 D5 21 E8   EA 75 3A 41 D1 AD F6 16
..9mG.!..u:A....
00A0: 9D 5D 0B 21 BD F3 1F 63   06 25 1D C1 1F 35 71 2C
.].!...c.%...5q,
00B0: EB 20 19 D5 C1 B0 EC 3D   E5 6F ED 02 07 3F 13 7B  .
.....=.o...?..
00C0: 66 92 D6 44 C1 98 F7 5F   50 8B 7A 5B C2 6F 6D B0
f..D..._P.z[.om.
00D0: D1 F8 E5 74 A0 40 37 A3   25 0F E4 3D CA 64 31 93
...t.@7.%..=.d1.
00E0: 90 5C 30 7B B9 39 31 9A   5E 4C CD B9 41 4F 50 E4
.\0..91.^L..AOP.
00F0: 3D 38 AE C8 66 D9 C7 3B   5D 51 47 AC 9B AB F2 AD
=8..f..;]QG.....

]
chain [4] = [
[
  Version: V3
  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 2048 bits
  modulus:
275272983313466246593078150033938714055440208592235712533385208047652234
309824582460987723211519416729616406276751862762050515262426433781001588
855132177420580564661683926500550131001048491763122941672420411403104357
720267176017631847064802594852128069022238948885667296342669846192211688
624218381922034951518937622167777483301299095882102032997785818981753208
829083719309844518090545096453792773097910849097057583724773208933361528
826298910142867448156843715107516748259202041804902581229868625395852019
341552209457329378303088343871080466570053634520717763967071812831434632
13972159925612976006433949563180335468751
  public exponent: 65537
  Validity: [From: Tue Sep 01 14:00:00 CEST 1998,
               To: Tue Jan 28 13:00:00 CET 2014]
  Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    02000000 0000d678 b79405]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 60 7B 66 1A 45 0D 97 CA   89 50 2F 7D 04 CD 34 A8
`.f.E....P/...4.
0010: FF FC FD 4B                                        ...K
]
]

[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: AE AA 9F FC B7 D2 CB 1F   5F 39 29 28 18 9E 34 C9
........_9)(..4.
0010: 6C 4F 6F 1A F0 64 A2 70   4A 4F 13 86 9B 60 28 9E
lOo..d.pJO...`(.
0020: E8 81 49 98 7D 0A BB E5   B0 9D 3D 36 DB 8F 05 51
..I.......=6...Q
0030: FF 09 31 2A 1F DD 89 77   9E 0F 2E 6C 95 04 ED 86
..1*...w...l....
0040: CB B4 00 3F 84 02 4D 80   6A 2A 2D 78 0B AE 6F 2B
...?..M.j*-x..o+
0050: A2 83 44 83 1F CD 50 82   4C 24 AF BD F7 A5 B4 C8
..D...P.L$......
0060: 5A 0F F4 E7 47 5E 49 8E   37 96 FE 9A 88 05 3A D9
Z...G^I.7.....:.
0070: C0 DB 29 87 E6 19 96 47   A7 3A A6 8C 8B 3C 77 FE
..)....G.:...<w.
0080: 46 63 A7 53 DA 21 D1 AC   7E 49 A2 4B E6 C3 67 59
Fc.S.!...I.K..gY
0090: 2F B3 8A 0E BB 2C BD A9   AA 42 7C 35 C1 D8 7F D5
/....,...B.5....
00A0: A7 31 3A 4E 63 43 39 AF   08 B0 61 34 8C D3 98 A9
.1:NcC9...a4....
00B0: 43 34 F6 0F 87 29 3B 9D   C2 56 58 98 77 C3 F7 1B
C4...);..VX.w...
00C0: AC F6 9D F8 3E AA A7 54   45 F0 F5 F9 D5 31 65 FE
....>..TE....1e.
00D0: 6B 58 9C 71 B3 1E D7 52   EA 32 17 FC 40 60 1D C9
kX.q...R.2..@`..
00E0: 79 24 B2 F6 6C FD A8 66   0E 82 DD 98 CB DA C2 44
y$..l..f.......D
00F0: 4F 2E A0 7B F2 F7 6B 2C   76 11 84 46 8A 78 A3 E3
O.....k,v..F.x..

]
***
pool-1-thread-1, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret:  { 3, 1, 106, 106, 107, 244, 154, 39, 2, 77, 187, 148,
200, 110, 74, 186, 64, 51, 71, 253, 91, 236, 13, 196, 233, 236, 201,
184, 126, 244, 95, 124, 216, 138, 209, 211, 40, 206, 51, 97, 48, 44,
250, 140, 252, 232, 17, 183 }
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 6A 6A 6B F4 9A 27   02 4D BB 94 C8 6E 4A BA
..jjk..'.M...nJ.
0010: 40 33 47 FD 5B EC 0D C4   E9 EC C9 B8 7E F4 5F 7C
@3G.[........._.
0020: D8 8A D1 D3 28 CE 33 61   30 2C FA 8C FC E8 11 B7
....(.3a0,......

///same again
CONNECTION KEYGEN:
Client Nonce:
0000: 43 BD D9 97 11 69 B9 1C   7F 0A 36 47 28 F5 FC 27
C....i....6G(..'
0010: 0F 50 E1 4C 2F 1D 34 39   F5 26 49 17 5F 4A 28 B6
.P.L/.49.&I._J(.
Server Nonce:
0000: 43 BD D9 95 00 60 56 15   A8 03 3F C6 95 22 BD D8
C....`V...?.."..
0010: C1 8A 39 31 AA 81 19 CD   81 33 14 F0 BB E2 B2 C7
..91.....3......
Master Secret:
0000: 74 1F E4 0E 6B 8D 48 DC   E9 9D 2F 56 7D 7C B2 BC
t...k.H.../V....
0010: A2 89 EB DD 24 DE 5C CB   CF 0F 08 47 E7 44 74 A8
....$.\....G.Dt.
0020: 23 4D 2A AE 9F 03 C3 96   BC F0 1E 02 6E B4 C3 07
#M*.........n...
Client MAC write Secret:
0000: F1 8F DB 6E 3E C9 34 85   FC D1 9C CF A6 C8 B6 21
...n>.4........!
Server MAC write Secret:
0000: 9F 3F 0B 03 74 07 EE 89   00 9E CD 00 07 47 20 89  .?..t........G
.
Client write key:
0000: EA DD EB AA E0 5B 8F 27   79 B3 82 AE AA FE 0F 9E
.....[.'y.......
Server write key:
0000: 2E D4 FC FA C8 15 45 42   50 59 D5 1C B6 87 2C 5B
......EBPY....,[
... no IV for cipher
pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 138, 10, 234, 8, 246, 57, 241, 237, 196, 114, 219, 106 }
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 31, 18, 23, 54, 115, 88, 235, 73, 33, 236, 89, 186 }
***
%% Cached client session: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
pool-1-thread-1, READ: TLSv1 Application Data, length = 207
2006/01/06 03:44:39:866 CET [DEBUG] header - << "HTTP/1.1 200
OK[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Date: Fri, 06 Jan 2006
02:44:37 GMT[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Server: Apache[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Content-Type:
text/html[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Content-Length:
120[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "Last-Modified: Mon, 07
Oct 2002 14:00:15 GMT[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] header - << "ETag:
"120-1033999215000"[\r][\n]"
2006/01/06 03:44:39:866 CET [DEBUG] HttpMethodBase - Buffering response
body
pool-1-thread-1, READ: TLSv1 Application Data, length = 136
2006/01/06 03:44:39:866 CET [DEBUG] HttpMethodBase - Resorting to
protocol version default close connection policy
2006/01/06 03:44:39:866 CET [DEBUG] HttpMethodBase - Should NOT close
connection, using HTTP/1.1
2006/01/06 03:44:39:866 CET [DEBUG] HttpConnection - Releasing
connection back to connection manager.


-----Oprindelig meddelelse-----
Fra: Kim B. Andersen [mailto:KIBAN@tdc.dk] 
Sendt: 5. januar 2006 14:36
Til: HttpClient Project
Emne: SV: SV: SV: Slow to open connection after an hour or so


Oleg,

Thanks again for your help and I going to try 2 and 3. As for question 1
do reuse httpclient in making a sample, but I don't save httpclient
between samples

Example:

start sampling 1
createst httpclient
measure web1
measure web2
measure web3
finished sampling 1

start sampling 2
createst httpclient
measure web1
measure web2
measure web3
finished sampling 2

I will write back when I know more about 2 and 3

Kim Andersen


-----Oprindelig meddelelse-----
Fra: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sendt: 5. januar 2006 14:09
Til: httpclient-dev@jakarta.apache.org
Emne: Re: SV: SV: Slow to open connection after an hour or so


On Thu, Jan 05, 2006 at 01:51:24PM +0100, Kim B. Andersen wrote:
> Oleg,
> 
> The ssl certification is self signen, so I'm not interessed in
checking
> the certification. I use EasySSLProtocolSocketFactory( you properly
know
> the code ) :) , the only thing that I have changed is making an
internal
> class (SecureManager) instead of using EasyX509TrustManager.
> SecureManager does nothing. I thought that I did need to log this and
> that it would be faster when doing nothing - maybee I was wrong. As
you
> can see I'm a newbiee when it comes to http communication, so I have
> taken most of it from the web.


Kim,

(1) Are you re-using the instance of HttpClient along with all the
connections it may hold open? 

(2) Try turning off the stale connection check

http://jakarta.apache.org/commons/httpclient/performance.html#Stale%20co
nnection%20check

(3) Try running your app with SSL debugging on to see if the SSL
handshake is indeed the culprit

http://www.onjava.com/pub/a/onjava/excerpt/java_security_ch1/?page=5

Hope this helps

Oleg

> 
> import java.io.IOException;
> import java.net.InetAddress;
> import java.net.Socket;
> import java.net.UnknownHostException;
> import java.security.cert.X509Certificate;
> 
> import org.apache.commons.httpclient.ConnectTimeoutException;
> import org.apache.commons.httpclient.HttpClientError;
> import org.apache.commons.httpclient.params.HttpConnectionParams;
> import
> org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
> import
> org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
> 
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
> import javax.net.ssl.X509TrustManager;
> 
> /**
>  * <p>
>  * EasySSLProtocolSocketFactory can be used to creats SSL {@link
> Socket}s
>  * that accept self-signed certificates.
>  * </p>
>  * <p>
>  * This socket factory SHOULD NOT be used for productive systems
>  * due to security reasons, unless it is a concious decision and
>  * you are perfectly aware of security implications of accepting
>  * self-signed certificates
>  * </p>
>  *
>  * <p>
>  * Example of using custom protocol socket factory for a specific
host:
>  *     <pre>
>  *     Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
>  *
>  *     HttpClient client = new HttpClient();
>  *     client.getHostConfiguration().setHost("localhost", 443,
> easyhttps);
>  *     // use relative url only
>  *     GetMethod httpget = new GetMethod("/");
>  *     client.executeMethod(httpget);
>  *     </pre>
>  * </p>
>  * <p>
>  * Example of using custom protocol socket factory per default instead
> of the standard one:
>  *     <pre>
>  *     Protocol easyhttps = new Protocol("https", new
> EasySSLProtocolSocketFactory(), 443);
>  *     Protocol.registerProtocol("https", easyhttps);
>  *
>  *     HttpClient client = new HttpClient();
>  *     GetMethod httpget = new GetMethod("https://localhost/");
>  *     client.executeMethod(httpget);
>  *     </pre>
>  * </p>
>  *
>  * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
>  *
>  * <p>
>  * DISCLAIMER: HttpClient developers DO NOT actively support this
> component.
>  * The component is provided as a reference material, which may be
> inappropriate
>  * for use without additional customization.
>  * </p>
>  */
> 
> public class EasySSLProtocolSocketFactory implements
> SecureProtocolSocketFactory {
> 
>     /** Log object for this class. */
>     private static final Log LOG =
> LogFactory.getLog(EasySSLProtocolSocketFactory.class);
> 
>     private SSLContext sslcontext = null;
> 
>     /**
>      * Constructor for EasySSLProtocolSocketFactory.
>      */
>     public EasySSLProtocolSocketFactory() {
>         super();
>     }
> 
>     private SSLContext createEasySSLContext() {
>         try {
>             SSLContext context = SSLContext.getInstance("SSL");
>             context.init(null, new TrustManager[] {new
> EasySSLProtocolSocketFactory.SecureManager()}, null);
>             return context;
>         } catch (Exception e) {
>             LOG.error(e.getMessage(), e);
>             throw new HttpClientError(e.toString());
>         }
>     }
> 
>     private SSLContext getSSLContext() {
>         if (this.sslcontext == null) {
>             this.sslcontext = createEasySSLContext();
>         }
>         return this.sslcontext;
>     }
> 
>     /**
>      * @see
>
SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.I
> netAddress,int)
>      */
>     public Socket createSocket(String host, int port, InetAddress
> clientHost, int clientPort) throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket(host,
> port, clientHost, clientPort);
>     }
> 
>     /**
>      * Attempts to get a new socket connection to the given host
within
> the given time limit.
>      * <p>
>      * To circumvent the limitations of older JREs that do not support
> connect timeout a
>      * controller thread is executed. The controller thread attempts
to
> create a new socket
>      * within the given limit of time. If socket constructor does not
> return until the
>      * timeout expires, the controller terminates and throws an {@link
> ConnectTimeoutException}
>      * </p>
>      *
>      * @param host the host name/IP
>      * @param port the port on the host
>      * @param clientHost the local host name/IP to bind the socket to
>      * @param clientPort the port on the local machine
>      * @param params {@link HttpConnectionParams Http connection
> parameters}
>      *
>      * @return Socket a new socket
>      *
>      * @throws IOException if an I/O error occurs while creating the
> socket
>      * @throws UnknownHostException if the IP address of the host
cannot
> be
>      * determined
>      */
>     public Socket createSocket( final String host, final int port,
final
> InetAddress localAddress, final int localPort, final
> HttpConnectionParams params) throws IOException, UnknownHostException,
> ConnectTimeoutException {
>         if (params == null) {
>             throw new IllegalArgumentException("Parameters may not be
> null");
>         }
>         int timeout = params.getConnectionTimeout();
>         if (timeout == 0) {
>             return createSocket(host, port, localAddress, localPort);
>         } else {
>             // To be eventually deprecated when migrated to Java 1.4
or
> above
>             return ControllerThreadSocketFactory.createSocket(
>                     this, host, port, localAddress, localPort,
timeout);
>         }
>     }
> 
>     /**
>      * @see
> SecureProtocolSocketFactory#createSocket(java.lang.String,int)
>      */
>     public Socket createSocket(String host, int port) throws
> IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket( host,
> port );
>     }
> 
>     /**
>      * @see
>
SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.Strin
> g,int,boolean)
>      */
>     public Socket createSocket(Socket socket, String host, int port,
> boolean autoClose) throws IOException, UnknownHostException {
>         return getSSLContext().getSocketFactory().createSocket(
socket,
> host, port, autoClose );
>     }
> 
>     public boolean equals(Object obj) {
>         return ((obj != null) &&
> obj.getClass().equals(EasySSLProtocolSocketFactory.class));
>     }
> 
>     public int hashCode() {
>         return EasySSLProtocolSocketFactory.class.hashCode();
>     }
> 
>     //Inner class
>     class SecureManager implements X509TrustManager {
> 
>         public X509Certificate[] getAcceptedIssuers() { return null; }
> 
>         public void checkClientTrusted( X509Certificate[] certs,
String
> authType) {}
> 
>         public void checkServerTrusted(X509Certificate[] certs, String
> authType) {}
> 
>     }
> }
> 
> 
> 
> 
> -----Oprindelig meddelelse-----
> Fra: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sendt: 5. januar 2006 13:29
> Til: httpclient-dev@jakarta.apache.org
> Emne: Re: SV: Slow to open connection after an hour or so
> 
> 
> On Thu, Jan 05, 2006 at 08:38:11AM +0100, Kim B. Andersen wrote:
> > Hi
> > 
> > hope it's readable
> > 
> > First hour
> > 
> > 2006/01/03 14:46:49:926 CET [DEBUG] HttpConnection - Open connection
> to xxxxxxx:443
> > 2006/01/03 14:46:50:038 CET [DEBUG] header - >> "GET
> /Krump/Alivetest.do?ws HTTP/1.1[\r][\n]"
> > 
> > After the first hour
> > 
> > 2006/01/04 07:58:50:230 CET [DEBUG] HttpConnection - Open connection
> to xxxxxx:443
> > 2006/01/04 07:58:59:230 CET [DEBUG] header - >> "GET
> /Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
> > 
> 
> Kim,
> 
> Apparently the 9sec delay is caused by the SSL related stuff. Most
> likely for some reason the SSL handshake takes some time. How do you
> configure the SSL context on the clietn side?
> 
> Oleg
> 
> 
> > Kim Andersen
> > -----Oprindelig meddelelse-----
> > Fra: Ortwin Gl?ck [mailto:odi@odi.ch] 
> > Sendt: 4. januar 2006 17:19
> > Til: HttpClient Project
> > Emne: Re: Slow to open connection after an hour or so
> > 
> > 
> > My ideas:
> > * Anything in the logs?
> > * Is there a chance that you are exhausting the connection pool by
> never 
> > returning your connections? New connection requests would then block

> > until one gets available
> > * Maybe attach a debugger / profiler or use jconsole
> > 
> > Hell, it would be nice if HttpClient had some JMX beans to provide 
> > information about pools etc. at runtime. I'll add that as a
> requirement 
> > for 4.0.
> > 
> > Odi
> > 
> > Kim B. Andersen wrote:
> > > Hi
> > > 
> > > I'm devolping a program which grabs webpage every 5min and measure
> the
> > > time it takes. I have succesful used httpclient to get the pages
and
> it
> > > works fine:). The problem is opening of connection in httpclient
get
> > > very slow after and hour or so.The first hour opening a connection
> takes
> > > 50ms at max and after an hour it takes 10 seconds. Opening of
> connection
> > > gets fast if I restarte the program. Any Ideas what the problem
> could
> > > be?
> > > 
> > > I have tried the following/uses:
> > > 
> > > jvm version: 	1.5.0_6/1.4.2_05
> > > httpclient:	3.0 rc4/ 3.0 rc4
> > > I have tried both with proxy and out
> > > I have tried both MultiThreadedHttpConnectionManager and simple
> > > 
> > > Hope you can help me
> > > 
> > > /Kim Andersen
> > > 
> > 
> > -- 
> > [web]  http://www.odi.ch/
> > [blog] http://www.odi.ch/weblog/
> > [pgp]  key 0x81CF3416
> >         finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF
3416
> > 
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
httpclient-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> httpclient-dev-help@jakarta.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
httpclient-dev-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
httpclient-dev-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message