hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Isaac Cruz Ballesteros (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCORE-357) Option to disable DNS lookup on SSLIOSession
Date Fri, 18 Oct 2013 11:00:57 GMT
Isaac Cruz Ballesteros created HTTPCORE-357:
-----------------------------------------------

             Summary: Option to disable DNS lookup on SSLIOSession
                 Key: HTTPCORE-357
                 URL: https://issues.apache.org/jira/browse/HTTPCORE-357
             Project: HttpComponents HttpCore
          Issue Type: Improvement
          Components: HttpCore NIO
    Affects Versions: 4.3
            Reporter: Isaac Cruz Ballesteros


The class org.apache.http.nio.reactor.ssl.SSLIOSession is performing a DNS lookup in line
125:
        if (address instanceof InetSocketAddress) {
            String hostname = ((InetSocketAddress) address).getHostName();
            int port = ((InetSocketAddress) address).getPort();
            this.sslEngine = sslContext.createSSLEngine(hostname, port);
        } else {
            this.sslEngine = sslContext.createSSLEngine();
        }

This lookup is not necessary to create the SSL engine (the method without parameters works
the same), and it causes performance issues if the DNS server configured is not very fast.
In my case, using a single thread, when receiving 50 requests at the same time, the SSL handshake
takes more than two minutes and the clients are timing out. Checking the java thread stack,
the thread is always stuck on this lookup, waiting for the DNS server which sometimes takes
around 4 seconds to answer.

When not using SSL there's no lookup so everything works.

If this lookup makes sense in some cases (I don't know much on SSL internals), maybe there
should be an option to disable the lookup



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message