[jira] Commented: (DIRMINA-471) Reduce SSL buffers overhead

Wed, 21 Nov 2007 15:54:14 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRMINA-471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12544642
 ] 

Michael Matovsky commented on DIRMINA-471:
------------------------------------------

In our testing we also found an additional opportunity for
improvement. The improvement comes from the recognizing a known
limitation in Sun's implementation of SSLEngine. The SSLEngine will
return BUFFER_OVERFLOW unless the buffer size is at least
SSLSession.getPacketBufferSize(), which is 16K. Consequently,
regardless of how much data is produced, SSLEngine always requires 16K
buffers. To improve memory consumption, packet buffer pool can be
introduced. The pooled buffers will be used to decode/encode data
from/to SSLEngine. The produced data is then copied into smaller
private buffers and the common buffer is released to the pool.

-Michael


> Reduce SSL buffers overhead
> ---------------------------
>
>                 Key: DIRMINA-471
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-471
>             Project: MINA
>          Issue Type: Improvement
>          Components: Filter
>    Affects Versions: 1.0.7, 1.1.4
>         Environment: NA
>            Reporter: Michael Matovsky
>            Assignee: Trustin Lee
>             Fix For: 2.0.0-M1
>
>
> There is a significant overhead for SSL connections.
> Investigation shows that every SSL connection requires an SSLHandler, which 
> contains 3 buffers:
> - Two buffers for encrypted inbound and outbound packets, respectively.
> - One buffer for decrypted application data
> The buffer sizes are computed as follows:
> Packet buffer size = the current size of the largest SSL/TLS packet that is 
> expected when using this session (SSLSession.packetBufferSize())
> Application buffer size = 2 x packet buffer size
> In Sun JSSE the SSLSession.packetBufferSize() equals to 16K, which implies a 
> total of 64K SSL buffer space per connection. For 10K active this means that 
> 640MB of memory is required just for SSL buffers.
> Such overhead really limits the number of concurrent connections an 
> application can support. 
> A possible resolution is to dynamically re-adjusting the buffer capacity, and 
> allowing to configure the initial buffer sizes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to