[jira] [Commented] (FLINK-9878) IO worker threads BLOCKED on SSL Session Cache while CMS full gc

Mon, 23 Jul 2018 02:30:14 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16552557#comment-16552557
 ] 

ASF GitHub Bot commented on FLINK-9878:
---------------------------------------

Github user pnowojski commented on a diff in the pull request:

    https://github.com/apache/flink/pull/6355#discussion_r204336114
  
    --- Diff: 
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java ---
    @@ -163,80 +163,188 @@ public static void 
setSSLVerifyHostname(Configuration sslConfig, SSLParameters s
        }
     
        /**
    -    * Creates the SSL Context for the client if SSL is configured.
    +    * Configuration settings and key/trustmanager instances to set up an 
SSL client connection.
    +    */
    +   public static class SSLClientConfiguration {
    --- End diff --
    
    What's the value of introducing `SSLClientConfiguration`? As far as I can 
tell, the only point is to provide accessors to `handshakeTimeoutMS` and 
`closeNotifyFlushTimeoutMs` in `NettyClient#connect`, but it complicates 
initialisation by introducing one more extra obligatory step. 
    
    Wouldn't it be better to wrap `SSLContext` with our class that provides 
those accessors? It seems like this would also remove the need for separate 
`SSLClientConfiguration` and `SSLServerConfiguration`, since all of theirs 
fields  except of `handshakeTimeoutMS` and `closeNotifyFlushTimeoutMs` 
are/should be private.


> IO worker threads BLOCKED on SSL Session Cache while CMS full gc
> ----------------------------------------------------------------
>
>                 Key: FLINK-9878
>                 URL: https://issues.apache.org/jira/browse/FLINK-9878
>             Project: Flink
>          Issue Type: Bug
>          Components: Network
>    Affects Versions: 1.5.0, 1.5.1, 1.6.0
>            Reporter: Nico Kruber
>            Assignee: Nico Kruber
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.5.2, 1.6.0
>
>
> According to https://github.com/netty/netty/issues/832, there is a JDK issue 
> during garbage collection when the SSL session cache is not limited. We 
> should allow the user to configure this and further (advanced) SSL parameters 
> for fine-tuning to fix this and similar issues. In particular, the following 
> parameters should be configurable:
> - SSL session cache size
> - SSL session timeout
> - SSL handshake timeout
> - SSL close notify flush timeout



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to