hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCORE-357) Option to disable DNS lookup on SSLIOSession
Date Sat, 23 Nov 2013 16:39:35 GMT

     [ https://issues.apache.org/jira/browse/HTTPCORE-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Oleg Kalnichevski updated HTTPCORE-357:

    Attachment: HTTPCORE-357.patch

I am sorry it took so long. I committed the workaround you had proposed to 4.3 [1] and will
commit the patch attached once 4.4 has been branched out.


[1] http://svn.apache.org/viewvc?view=revision&revision=r1544821 

> Option to disable DNS lookup on SSLIOSession
> --------------------------------------------
>                 Key: HTTPCORE-357
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-357
>             Project: HttpComponents HttpCore
>          Issue Type: Improvement
>          Components: HttpCore NIO
>    Affects Versions: 4.3
>            Reporter: Isaac Cruz Ballesteros
>             Fix For: 4.4
>         Attachments: HTTPCORE-357.patch
> The class org.apache.http.nio.reactor.ssl.SSLIOSession is performing a DNS lookup in
line 125:
>         if (address instanceof InetSocketAddress) {
>             String hostname = ((InetSocketAddress) address).getHostName();
>             int port = ((InetSocketAddress) address).getPort();
>             this.sslEngine = sslContext.createSSLEngine(hostname, port);
>         } else {
>             this.sslEngine = sslContext.createSSLEngine();
>         }
> This lookup is not necessary to create the SSL engine (the method without parameters
works the same), and it causes performance issues if the DNS server configured is not very
fast. In my case, using a single thread, when receiving 50 requests at the same time, the
SSL handshake takes more than two minutes and the clients are timing out. Checking the java
thread stack, the thread is always stuck on this lookup, waiting for the DNS server which
sometimes takes around 4 seconds to answer.
> When not using SSL there's no lookup so everything works.
> If this lookup makes sense in some cases (I don't know much on SSL internals), maybe
there should be an option to disable the lookup

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message