Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E869B102F7 for ; Fri, 24 Jan 2014 11:58:45 +0000 (UTC) Received: (qmail 34158 invoked by uid 500); 24 Jan 2014 11:58:45 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 33938 invoked by uid 500); 24 Jan 2014 11:58:44 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 33681 invoked by uid 99); 24 Jan 2014 11:58:39 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jan 2014 11:58:39 +0000 Date: Fri, 24 Jan 2014 11:58:39 +0000 (UTC) From: "Oleg Kalnichevski (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (HTTPCORE-357) Option to disable DNS lookup on SSLIOSession MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCORE-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleg Kalnichevski resolved HTTPCORE-357. ---------------------------------------- Resolution: Fixed Fix Version/s: (was: 4.4) 4.4-alpha1 Patch committed to SVN trunk (I botched the commit though and the change got mixed with two other changes) Oleg > Option to disable DNS lookup on SSLIOSession > -------------------------------------------- > > Key: HTTPCORE-357 > URL: https://issues.apache.org/jira/browse/HTTPCORE-357 > Project: HttpComponents HttpCore > Issue Type: Improvement > Components: HttpCore NIO > Affects Versions: 4.3 > Reporter: Isaac Cruz Ballesteros > Fix For: 4.4-alpha1 > > Attachments: HTTPCORE-357.patch > > > The class org.apache.http.nio.reactor.ssl.SSLIOSession is performing a DNS lookup in line 125: > if (address instanceof InetSocketAddress) { > String hostname = ((InetSocketAddress) address).getHostName(); > int port = ((InetSocketAddress) address).getPort(); > this.sslEngine = sslContext.createSSLEngine(hostname, port); > } else { > this.sslEngine = sslContext.createSSLEngine(); > } > This lookup is not necessary to create the SSL engine (the method without parameters works the same), and it causes performance issues if the DNS server configured is not very fast. In my case, using a single thread, when receiving 50 requests at the same time, the SSL handshake takes more than two minutes and the clients are timing out. Checking the java thread stack, the thread is always stuck on this lookup, waiting for the DNS server which sometimes takes around 4 seconds to answer. > When not using SSL there's no lookup so everything works. > If this lookup makes sense in some cases (I don't know much on SSL internals), maybe there should be an option to disable the lookup -- This message was sent by Atlassian JIRA (v6.1.5#6160) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org