Re: Question about ssl

Thu, 31 Mar 2022 07:50:50 -0700 

Hi Chris;

I'm measuring the time taken to process a request as reported by
inspector-network in brave.

SSL time to process through tomcat is 11ms.

Same request for a smaller file using a java SSL socket is taking 50ms
.. like this:

public static SSLServerSocket getServerSocketWithCert(int port,
            InputStream pathToCert, String passwordFromCert,
            ServerSecureType type) throws IOException,
            KeyManagementException, NoSuchAlgorithmException,
            CertificateException, KeyStoreException,
            UnrecoverableKeyException
    {
            X509TrustManager[] tmm;
            X509KeyManager[] kmm;
            KeyStore ks  = KeyStore.getInstance(instance);
            ks.load(pathToCert, passwordFromCert.toCharArray());
            tmm=tm(ks);
            kmm=km(ks, passwordFromCert);
            SSLContext ctx = SSLContext.getInstance(type.getType());
            ctx.init(kmm, tmm, null);
            SSLServerSocketFactory socketFactory =
                    (SSLServerSocketFactory) ctx.getServerSocketFactory();
            SSLServerSocket ssocket = (SSLServerSocket)
                socketFactory.createServerSocket(port);
            return ssocket;
    }

I'm using the cert at https://db2dom.com

It's still a tenth of a second to process the request with this "hand
rolled" method, but it's several orders of magnitude slower, and I'm
trying to figure out why (I'm obsessive with response times).

Sincerely,

John



On 3/28/22, Christopher Schultz <ch...@christopherschultz.net> wrote:
> John,
>
> On 3/26/22 22:29, John Dale (DB2DOM) wrote:
>> Can you help me understand why Tomcat's SSL handling is so much faster
>> than hand rolling it on a regular socket?
>
> I think you'll need to define some terms.
>
> For example, what do you mean when you say "faster", and how are you
> measuring that?
>
> What do you mean when you say "hand-rolling" your SSL and what is a
> "regular socket"?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to