On Fri, Jan 06, 2006 at 02:51:45PM +0100, Ortwin Glück wrote:
> Kim,
>
> Here is my assessment of the situation.
>
> The certificate chain in the log is just a very bloaty artifact of a
> different behaviour at the time a connection is established.
>
> In fact from the first log you see that the two endpoints are reusing a
> session. Whereas in the second log they are establishing a completely
> new SSL session. That is probably due to a session timeout.
>
> SSL tries to reuse sessions as much as possible, because that only
> requires the use of fast symmetric encryption algorithms.
> Creating a new SSL session may be expensive because there are asymmetric
> encryption algorithms and secure random number generator seeding
> involved which are both slow. There is a possibility to speed up the
> random number generation by saving the random seed for future use. On
> Unix systems there is also the problem of a slow /dev/random on some
> platforms.
>
> You should now definitely run a profiler against your code to check
> which method exactly consumes so much time. I bet it is the random
> number seeding :-)
>
> Cheers
>
> Ortwin Glück
>

I second Odi's opinion

Oleg

> Kim B. Andersen wrote:
> >Oleg,
> >
> >I have tried setting check-stale to false and this doesn't solve the
> >problem. I have also now collected the data. I have run the program with
> >-Djavax.net.debug=ssl,handshake (I hope this is what you wanted) and it
> >has produced the following data. After an hour the system suddenly
> >does something more than the first hour. A Certificate chain is
> >introduced - whatever that is.
> >
> >/Kim Andersen
> >
> >before an hour
> >%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> >%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 74
> >CONNECTION KEYGEN:
> >%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 32
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
> >pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
> >pool-1-thread-1, READ: TLSv1 Application Data, length = 207
> >
> >after an hour
> >%% Client cached [Session-135, SSL_RSA_WITH_RC4_128_MD5]
> >%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 74
> >%% Created: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 4
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
> >SESSION KEYGEN:
> >CONNECTION KEYGEN:
> >pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
> >pool-1-thread-1, WRITE: TLSv1 Handshake, length = 32
> >pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
> >pool-1-thread-1, READ: TLSv1 Handshake, length = 32
> >%% Cached client session: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
> >pool-1-thread-1, WRITE: TLSv1 Application Data, length = 156
> >pool-1-thread-1, READ: TLSv1 Application Data, length = 207
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
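Added example (not part of the original thread, and not HttpClient or JSSE code): a small Python classifier for the `javax.net.debug` lines quoted above, which separates resumed handshakes from full ones and totals the handshake bytes read for each. The function name, the record fields and the abridged sample are assumptions made for illustration; only attempts that start with a "Try resuming" line are tracked.

```python
import re

# Markers as they appear in the javax.net.debug excerpts quoted in the thread.
TRY = re.compile(r"^%% Try resuming \[(Session-\d+),")
RESUMED = re.compile(r"^%% Server resumed \[(Session-\d+),")
CREATED = re.compile(r"^%% Created:\s+\[(Session-\d+),")
HS_READ = re.compile(r"READ: TLSv1 Handshake, length = (\d+)")

def classify_handshakes(log_text):
    """Return one record per resumption attempt (hypothetical helper)."""
    results, cur = [], None
    for line in log_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quote markers
        if m := TRY.match(line):
            cur = {"offered": m.group(1), "outcome": "unknown", "session": None, "handshake_bytes_read": 0}
            results.append(cur)
        elif cur is None:
            continue  # nothing to attribute this line to yet
        elif m := RESUMED.match(line):
            cur.update(outcome="resumed", session=m.group(1))
        elif m := CREATED.match(line):
            cur.update(outcome="full", session=m.group(1))  # server declined the offered session
        elif m := HS_READ.search(line):
            cur["handshake_bytes_read"] += int(m.group(1))
    return results

# Constructed sample: lines taken from the thread's two excerpts, abridged.
SAMPLE_LOG = """\
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 3220
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
%% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
%% Try resuming [Session-135, SSL_RSA_WITH_RC4_128_MD5] from port 4771
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 105
pool-1-thread-1, READ: TLSv1 Handshake, length = 74
%% Created: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
pool-1-thread-1, READ: TLSv1 Handshake, length = 5138
pool-1-thread-1, READ: TLSv1 Handshake, length = 4
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 134
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 32
%% Cached client session: [Session-136, SSL_RSA_WITH_RC4_128_MD5]
"""

if __name__ == "__main__":
    for record in classify_handshakes(SAMPLE_LOG):
        print(record)
```

Counting "full" outcomes per hour over a complete debug log shows how often the cached session is being rejected, which is the pattern Ortwin attributes to a session timeout.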
