[jruby-dev] [jira] (JRUBY-6891) SSLSocket.accept forces reverse DNS lookup, not required for most SSL and sometimes causes very poor performance

[Ben Porterfield (JIRA)]

Ben Porterfield created JRUBY-6891 SSLSocket.accept forces reverse DNS lookup, not required for most SSL and sometimes causes very poor performance Issue Type: Bug Affects Versions: JRuby 1.7.0.pre2 Assignee: Unassigned Components: OpenSSL, Ruby 1.9.3 Created: 15/Sep/12 12:52 PM Description: Came across issue when a new client was getting ~10s delays before page loads. They were hitting an IP in their network that did not have reverse DNS name associated with it. Turned out that requests were being made by JRuby SSL to do reverse DNS lookup on the IP, and those requests were timing out before continuing with the request. https://github.com/jruby/jruby/blob/master/src/org/jruby/ext/openssl/SSLSocket.java#L142 - this line will always force a reverse DNS lookup for an SSL connection. http://docs.oracle.com/javase/1.5.0/docs/api/javax/net/ssl/SSLContext.html#createSSLEngine() - this documentation suggests that passing hostname and port should only be required for certain cipher suites. Perhaps a flag to force the reverse lookup if you think it's required? Additionally, there seems to be some potential issues in that SSLSocket is in no way associated with Ruby's Socket or BasicSocket...so, for example, a flag like BasicSocket.do_not_reverse_lookup will not be adhered to when using SSLSocket (See comment https://github.com/jruby/jruby/blob/master/src/org/jruby/ext/openssl/SSLSocket.java#L130, for example). Project: JRuby Priority: Major Reporter: Ben Porterfield

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email