On Tuesday, October 14, 2003, at 08:57 PM, Calvin Powers wrote:
Some misc things to check:
-- As Don indicated above, make sure that the SSL implementation is not trying to do a reverse DNS lookup on the browser's IP address.
-- Make sure that the SSL implementation is not trying to fetch the certificate authority's signer certificate used in the SSL transaction from a remoe location. This could be ocurring on the server side (if you are using client side certificates to authenticate the web browser). But it's more likely to be occurring on the browser side as the browser tries to verify the certificates that the server sends to it. If you are using an in-house certificate authority, instead of getting a certificate from a commercial service, you may need to import the in-house certificate authority's signing certificate into the browser's key ring. Otherwise, the browser may be trying to fetch the certificate authority signing certificate from a remote location.
-- Some browsers have an option to check "revocation lists" to ensure that the certificate used by the server side during the SSL negotiation has not been "revoked" by the issuing certificate authority. Make sure this is turned off in your browser.
-- if your server supports HTTP 1.1 protocols, make sure it's enabled. This can greatly reduce the "ssl handshake" overhead that occurs at the beginning of each TCP connection.
I'm just curious, which SSL implementation are you using? The one that comes with the JVM these days?
I implemented the system Chris was writing about, and please correct me if I'm wrong, but the above items would slow down the connection phase of an SSL connection, but not the data transfer phase. The way the page is fetched a single SSL connection is made from the client, and then all of the 99 images are downloaded over that single socket. It is for this reason I assumed that the performance problem was in the SSL decryption system. A profiler shows that all of the time is being spent in the JSSE classes, but I haven't taken the time to figure out exactly what part.
-------------------------------- Michael Czeiszperger czei at webperformanceinc dot com Web Performance, Inc. Raleigh, NC 27615 919-845-7601
_______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
