Slow Java SSL in a netty application
Question
I'm experiencing a significant performance degradation using netty's SslHandler vs an external SSL terminator like stud or stunnel. The difference is about 100ms in time to complete the handshake. I requested the same resource from my application several hundred times via httperf and made sure that the same cipher (DHE-RSA-AES128-SHA) was used in each case.
This question got no accepted answers, but the comments indicated that running an SSL terminator in front of a Java process might be a good idea.
Is this expected behavior? Is Java's SSL implementation known to be this much slower, or is it possible that I have some setting configured improperly?
2 answers
solution1
5 2016-11-17 19:39:28
Netty folks recommend openssl over JDK SSL for couple of reasons, performance is one of them. Explanation can be found on their wiki:
http://netty.io/wiki/requirements-for-4.x.html#benefits-of-using-openssl
solution2
3 ACCPTED 2012-10-16 20:35:55
Yeah it's known to be slow, compared to openssl,.. You could try to use native openssl bindings like twitter does:
https://github.com/twitter/finagle/tree/master/finagle-native
This is one reason for apr and SSL:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.