From dev-return-2473-apmail-jmeter-dev-archive=jmeter.apache.org@jmeter.apache.org  Wed Sep  4 23:33:38 2013
Return-Path: <dev-return-2473-apmail-jmeter-dev-archive=jmeter.apache.org@jmeter.apache.org>
X-Original-To: apmail-jmeter-dev-archive@minotaur.apache.org
Delivered-To: apmail-jmeter-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C21651035D
	for <apmail-jmeter-dev-archive@minotaur.apache.org>; Wed,  4 Sep 2013 23:33:38 +0000 (UTC)
Received: (qmail 23482 invoked by uid 500); 4 Sep 2013 23:33:38 -0000
Delivered-To: apmail-jmeter-dev-archive@jmeter.apache.org
Received: (qmail 23460 invoked by uid 500); 4 Sep 2013 23:33:38 -0000
Mailing-List: contact dev-help@jmeter.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@jmeter.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@jmeter.apache.org>
List-Post: <mailto:dev@jmeter.apache.org>
List-Id: <dev.jmeter.apache.org>
Reply-To: dev@jmeter.apache.org
Delivered-To: mailing list dev@jmeter.apache.org
Received: (qmail 23452 invoked by uid 99); 4 Sep 2013 23:33:38 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Sep 2013 23:33:38 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of sebbaz@gmail.com designates 74.125.82.169 as permitted sender)
Received: from [74.125.82.169] (HELO mail-we0-f169.google.com) (74.125.82.169)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Sep 2013 23:33:32 +0000
Received: by mail-we0-f169.google.com with SMTP id t60so1091494wes.28
        for <dev@jmeter.apache.org>; Wed, 04 Sep 2013 16:33:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=ZdSdZZb8gIzicgoYkztQSOo0/4D5+WuCCkNxbwriWa4=;
        b=VzaAi/jPmc4/SUava7YQdDv2YmV/5DqhQdToc1QbhSke1HpjFlz9InCgsdeax4+yCY
         c+z1a0RpVNbmLuSGtWR5rZM16Mw4WY2Kos44y6BoQlRppniDfND92xufsy6xvR1C29Gd
         ImblXZlHsMoN8p7oOTqZfOn672av89yxdSdqhunHRDsXEFstSS2DbsxYChOZADQIxb/t
         bi3Z8hAHKjZQnBCtmiQItVNJI6FfdBLRtvYtZhAtbQPlMww1v4LgkTF9WBuZXcCuaQTD
         pMHshv1A1sdEqEiGG88UiTGK3PUrv3KXG0H5z9qHFWzXMihNNAQ1C4cwQHigWviN2UMu
         dPAw==
MIME-Version: 1.0
X-Received: by 10.181.12.75 with SMTP id eo11mr4083692wid.24.1378337591641;
 Wed, 04 Sep 2013 16:33:11 -0700 (PDT)
Received: by 10.194.16.167 with HTTP; Wed, 4 Sep 2013 16:33:11 -0700 (PDT)
Date: Thu, 5 Sep 2013 00:33:11 +0100
Message-ID: <CAOGo0VYYxgGV6iUk5W4QY2TUBZ8Dr1cxmzQAYc9Bzk4EQYVJzA@mail.gmail.com>
Subject: SSLContextFactory - do we really need one per host?
From: sebb <sebbaz@gmail.com>
To: dev@jmeter.apache.org
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

The Proxy class currently creates a SSLSocketFactory for each different host.

However, as far as I can tell, the created SSLSocketFactory instance
is configured exactly the same for all hosts.

So I wonder why the SSLSocketFactory instances cannot be shared
between different hosts?

I did a quick experiment, and the code seemed to still work OK if only
one SSLSocketFactory was created.

It would obviously be cheaper to re-use the factory for all hosts if possible.

Also, in order to implement Bug 55507, we would like to generate
certifcates for domains, not single hosts, and it would be a lot
easier to manage if we only needed to cache the factory once for each
domain.