tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michał Kapituła <michal.kapit...@comarch.pl>
Subject Slow SSL connections after Tomcat 5 to 7 migration
Date Wed, 04 May 2011 09:03:35 GMT
Hi,

I've been experiencing trouble after migrating our company's web 
application from Tomcat 5 to Tomcat 7. There's a significant slowdown 
with https connections after the migration.

I'm aware that application has a flaw - there's a large number of http 
request needed for generating a page (> 100 requests), but these are 
mainly static content (css, js, images etc.) and only very limited (1-3) 
ammount of requests are for dynamically generated content.

I've just tested the page generation time via local network (and 
browser's cache off) and the page is being fully loaded in circa 2 
seconds (with Firebug on) when using http, while loading the same page 
using secure connection took as much as 10 times longer. It's extremely 
weird for me, since I haven't noticed any significant differences 
between Tomcat 5 and 7 approaches to SSL and the server.xml file is 
pretty much the same.

Problems associated with server load, heavy user traffic or JVM params 
are rather not an option here. The memory and CPU usage constantly stays 
lower than with Tomcat 5.

Here are crucial parts of our server.xml file:

<Executor
name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="400" minSpareThreads="300" prestartminSpareThreads="true" />

<Connector port="80" protocol="HTTP/1.1" executor="tomcatThreadPool"
enableLookups="false" redirectPort="443" acceptCount="200"
tcpNoDelay="true" connectionTimeout="20000" maxKeepAliveRequests="200"
disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
compressableMimeType="application/javascript,text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json,application/xml"

/>

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" 
executor="tomcatThreadPool"
address="192.168.100.100"
enableLookups="false" disableUploadTimeout="true"
  keystorePass="XXX" keystoreFile="XXX"
acceptCount="200" scheme="https" secure="true" SSLEnabled="true"
clientAuth="true" sslProtocol="TLS"
  truststoreFile="XXX" truststorePass="XXX"
URIEncoding="UTF-8" compression="on"
compressableMimeType="application/javascript,text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json,application/xml"

/>


<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" 
executor="tomcatThreadPool"
enableLookups="false" disableUploadTimeout="true"
acceptCount="200" scheme="https" secure="true" SSLEnabled="true"
address="192.168.100.101"
  clientAuth="true" sslProtocol="TLS" keystorePass="XXX" keystoreFile="XXX"
  truststoreFile="XXX" truststorePass="XXX"
URIEncoding="UTF-8" compression="on"
compressableMimeType="application/javascript,text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json,application/xml"

/>


Well, except for defining global thread pool nothing really changed 
between our versions' configuration. I've experimented with Java Nio 
Blocking Connector, but haven't noticed any significant improvement. 
Also can't use APR Connector, because it's some kind of requirement that 
we must use keystore files we already have.

Any ideas on how to improve SSL performance and what could possibly go 
wrong?

Sorry for my English, for I'm not a native speaker :).

Regards,

MK

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message