Kim,

Here is my assessment of the situation.
The certificate chain in the log is just a very bloaty artifact of a different behaviour at the time a connection is established.
In fact, from the first log you see that the two endpoints are reusing a session, whereas in the second log they are establishing a completely new SSL session. That is probably due to a session timeout.
SSL tries to reuse sessions as much as possible, because that only requires the use of fast symmetric encryption algorithms. Creating a new SSL session may be expensive because there are asymmetric encryption algorithms and secure random number generator seeding involved, which are both slow. There is a possibility to speed up the random number generation by saving the random seed for future use. On Unix systems there is also the problem of a slow /dev/random on some platforms.
You should now definitely run a profiler against your code to check which method exactly consumes so much time. I bet it is the random number seeding :-)
Cheers
Ortwin Glück

Kim B. Andersen wrote:
Oleg,

I have tried setting check-stale to false and this doesn't solve the problem. I have also now collected the data. I have run the program with -Djavax.net.debug=ssl,handshake (I hope this is what you wanted) and it has produced the following data. After an hour the system suddenly does something more than the first hour. A Certificate chain is introduced - whatever that is.

/Kim Andersn

before an hour

%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
CONNECTION KEYGEN:
%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
pool-1-thread-1, READ: TLSv1 Application Data, length = 207

after an hour

%% Client cached [Session-135, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
%% Created: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
pool-1-thread-1, READ: TLSv1 Handshake, length = 4
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
CONNECTION KEYGEN:
pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
%% Cached client session: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
pool-1-thread-1, READ: TLSv1 Application Data, length = 207
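
Added example, not part of the original thread or of any project's code: a small Python classifier for the javax.net.debug output quoted above, which labels each resumption attempt as resumed or full and totals the handshake-record bytes in each direction. It only recognises the marker lines that appear in these two traces; the function and variable names are hypothetical.

```python
import re

# Abridged from the two javax.net.debug traces quoted in the message above.
TRACE = """\
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
%% Created: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
pool-1-thread-1, READ: TLSv1 Handshake, length = 4
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
"""

MARKER = re.compile(r"%% (Try resuming|Server resumed|Created:)\s+\[(Session-\d+), ([^\]\s]+)\]")
RECORD = re.compile(r"(READ|WRITE): \S+ Handshake, length = (\d+)")

def classify_handshakes(text):
    """Return one dict per resumption attempt: outcome plus handshake bytes."""
    attempts, cur = [], None
    for line in text.splitlines():
        m = MARKER.search(line)
        if m and m.group(1) == "Try resuming":
            cur = {"offered": m.group(2), "suite": m.group(3),
                   "outcome": "unknown", "session": None, "READ": 0, "WRITE": 0}
            attempts.append(cur)
        elif m and cur is not None:
            # "Server resumed" = abbreviated handshake, "Created:" = full handshake
            cur["outcome"] = "resumed" if m.group(1) == "Server resumed" else "full"
            cur["session"] = m.group(2)
        elif cur is not None:
            r = RECORD.search(line)
            if r:  # only Handshake records count, not Application Data
                cur[r.group(1)] += int(r.group(2))
    return attempts

if __name__ == "__main__":
    for attempt in classify_handshakes(TRACE):
        print(attempt)
```

Run over a longer capture, the count and timing of "full" outcomes shows how often cached sessions are being rejected, which is the point at which profiling the handshake becomes worthwhile.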
