tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <res0o...@verizon.net>
Subject Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL
Date Thu, 12 Sep 2002 06:16:50 GMT

"Andreas Mohrig" <andreas.mohrig@cadooz.de> wrote in message
news:70DD0724686ED611ACC70050228A1ECA06DC5E@SRV_1...
> I forgot to mention that my server works behind apache which is doing all
> the encryption, so at least my performance problem is definitely caused at
> the client side, i.e. within the java-code using the https implementation
> from jdk1.4. But even my tomcat alone is very fast. In my test environment
I
> can access the server both on port 443 (then apache will handle the
> encryption, leaving tomcat nothing to do but answer the request
unencrypted
> over ajp) and on 8443 (then tomcat will do the encryption, probably with
the
> help of the jdk1.4 components that were a part of JSSE prior to jdk1.4).
> There is no notable difference in speed between the two requests, not even
> if I close the browser to enforce a new ssl-handshake for each request.
>
> But thanks for the suggestions anyway, Bill. I downloaded PureTLS and the
> required packages for use on the client side. Unfortunately, there is no
> https protocol handler (at least none that I found so far) that could
> provide a replacement for the sun implementation. I'm looking for
something
> to specify in the following two statements to use PureTLS instead of the
> functionality provided by jdk1.4:
>
>     System.setProperty("java.protocol.handler.pkgs",
>             "com.sun.net.ssl.internal.www.protocol"); <-- here
>     Security.addProvider(
>             new com.sun.net.ssl.internal.ssl.Provider()); <-- and here
>
> Do you (or does anyone) know of something like this for PureTLS?

I, personally, don't know (or, rather, don't feel like digging through the
source code to find out :).  But sending to the PureTLS mailing list
<puretlsusers@rtfm.com> may help. Subscription address:
<puretls-users-request@rtfm.com>.  Links are based on documentation from
http://www.rtfm.com/puretls/.  I'm not personally involved with the PureTLS
project, so I'm not accepting any responsibility for broken links. ;-)

>
> And Wolfgang (you're right by the way assuming that I'm from germany, but
I
> hope our problem has nothing to do with that ;-), can you confirm that the
> problem is on the client side in the java code? How is the performance of
> your tomcat when you access the same resources with a browser?
> The forum-postings you quoted seem to imply that the low performance could
> have been a problem of jdk's prior to 1.4 as well which simply did not
show
> (at least from within applets running inside IE) because IE used it's own
> ssl/https-implementation when used with jdk1.3 (and earlier) and jdk1.4's
if
> used with that version.
>
> greetings
>
> Andreas Mohrig
>
> -----Original Message-----
> From: Bill Barker [mailto:res0ob23@verizon.net]
> Sent: Wednesday, September 11, 2002 7:29 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL
>
>
> I think that you are out of luck with 3.2.x.
>
> With 3.3.1 and 4.1.10 you can use PureTLS (http://www.rtfm.com/puretls).
> (With 4.0.4, you need to use the CoyoteConnector plugin to enable it).
I've
> heard good reports about using it with client-certs, but haven't tried it
> myself.
>
> Unfortunately, the documentation is still a little weak. :(  The best
place
> is the 3.3.1 documentation
> http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html. The
> translation to the 4.x CoyoteConnector is pretty straight-forward (the SSL
> attributes are on the Factory), but AFAIK, nobody has actually written it
up
> yet.
>
> "Wolfgang Stein" <zorro@gmd-net.de> wrote in message
> news:3D7E2D91.E896B378@gmd-net.de...
> > I realize you are also a German resident and
> > remember the download of JSSE were differing
> > for non-US citizens.
> > I assume we are victims of a hidden key escrow
> > or Echelon's information gathering efforts :-)
> >
> > But, all joking(?) aside:
> > This seems to be a known jdk1.4 issue. There are
> > some related postings at the developer connection
> > forums, e.g.
> > http://forum.java.sun.com/thread.jsp?forum=2&thread=239231)
> >
> > It ends up in the recommendation to use a commercial product
> > but also states that SUN's implementation were
> > "one of the better implementations" ...
> >
> > So,
> > did anybody succeed in using a third party JSSE that works
> > with tomcat and sufficient performance? Any suggestions ?
> >
> >
> > Thanks in advance,
> > Wolfgang
> >
> >
> > > -----Original Message-----
> > > From: Andreas Mohrig [mailto:andreas.mohrig@cadooz.de]
> > > Sent: Tuesday, September 10, 2002 2:20 PM
> > > To: 'Tomcat Users List'
> > > Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> > >
> > >
> > > I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and
> > > Windows NT
> > > client) and worrying about a quite similar problem. The
> > > server is extremely
> > > fast (I'd say the answer takes some milliseconds) when I
> > > access it with a
> > > browser (e.g. MS IE 5.0), but it takes about 20 seconds (!)
> > > when I try a
> > > request using java code like this:
> > >
> > >     URL url = new URL("https://myserver/myresource");
> > >     URLConnection con = url.openConnection();
> > >     BufferedReader reader = new BufferedReader(new
> > > InputStreamReader(con.getInputStream()));
> > >       StringBuffer resultbuffer = new StringBuffer();
> > >     String result = reader.readLine();
> > >     while (result!=null) {
> > >     resultbuffer.append(result);
> > >     resultbuffer.append("\n");
> > >     result = reader.readLine();
> > >     }
> > >     reader.close();
> > >
> > > This is true for subsequent requests as well. The content
> > > consists of about
> > > 100 bytes which should be no problem.
> > >
> > > So: yes, I'm experiencing a heavy performance problem. I
> > > can't say if it is
> > > a performance decrease, though, since I did not test with
> > > older Jdk's and
> > > jsse (perhaps I should...). Any solutions, hints or
> > > suggestions would be
> > > very welcome!
> > >
> > > greetings
> > >
> > > Andreas Mohrig
> > > -----Original Message-----
> > > From: Wolfgang Stein [mailto:zorro@gmd-net.de]
> > > Sent: Tuesday, September 10, 2002 12:15 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> > >
> > >
> > >
> > > Migrating from Jdk1.3 to Jdk1.4 we encountered a significant
> > > performance decrease on SSL-communications (server certs) between
> > > Applets and Tomcat 3.2.4.
> > >
> > > Did anybody experience similar performance losses ?
> > >
> > > Does this happen because of a low SSL implementation in jdk1.4 ?
> > > Did anybody successfully provide a faster implementation?
> > >
> > >
> > > We used jdk1.4 on client and server-side.
> > >
> > >
> > >
> > > Thanks in advance,
> > > Wolfgang
> > >
> > > --
> > > To unsubscribe, e-mail:
> > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:tomcat-user-help@jakarta.apache.org>
>
>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>





--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message