Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-11 Thread Bill Barker 


"Andreas Mohrig" <[EMAIL PROTECTED]> wrote in message
70DD0724686ED611ACC70050228A1ECA06DC5E@SRV_1">news:70DD0724686ED611ACC70050228A1ECA06DC5E@SRV_1...
> I forgot to mention that my server works behind apache which is doing all
> the encryption, so at least my performance problem is definitely caused at
> the client side, i.e. within the java-code using the https implementation
> from jdk1.4. But even my tomcat alone is very fast. In my test environment
I
> can access the server both on port 443 (then apache will handle the
> encryption, leaving tomcat nothing to do but answer the request
unencrypted
> over ajp) and on 8443 (then tomcat will do the encryption, probably with
the
> help of the jdk1.4 components that were a part of JSSE prior to jdk1.4).
> There is no notable difference in speed between the two requests, not even
> if I close the browser to enforce a new ssl-handshake for each request.
>
> But thanks for the suggestions anyway, Bill. I downloaded PureTLS and the
> required packages for use on the client side. Unfortunately, there is no
> https protocol handler (at least none that I found so far) that could
> provide a replacement for the sun implementation. I'm looking for
something
> to specify in the following two statements to use PureTLS instead of the
> functionality provided by jdk1.4:
>
> System.setProperty("java.protocol.handler.pkgs",
> "com.sun.net.ssl.internal.www.protocol"); <-- here
> Security.addProvider(
> new com.sun.net.ssl.internal.ssl.Provider()); <-- and here
>
> Do you (or does anyone) know of something like this for PureTLS?

I, personally, don't know (or, rather, don't feel like digging through the
source code to find out :).  But sending to the PureTLS mailing list
<[EMAIL PROTECTED]> may help. Subscription address:
<[EMAIL PROTECTED]>.  Links are based on documentation from
http://www.rtfm.com/puretls/.  I'm not personally involved with the PureTLS
project, so I'm not accepting any responsibility for broken links. ;-)

>
> And Wolfgang (you're right by the way assuming that I'm from germany, but
I
> hope our problem has nothing to do with that ;-), can you confirm that the
> problem is on the client side in the java code? How is the performance of
> your tomcat when you access the same resources with a browser?
> The forum-postings you quoted seem to imply that the low performance could
> have been a problem of jdk's prior to 1.4 as well which simply did not
show
> (at least from within applets running inside IE) because IE used it's own
> ssl/https-implementation when used with jdk1.3 (and earlier) and jdk1.4's
if
> used with that version.
>
> greetings
>
> Andreas Mohrig
>
> -Original Message-
> From: Bill Barker [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 11, 2002 7:29 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL
>
>
> I think that you are out of luck with 3.2.x.
>
> With 3.3.1 and 4.1.10 you can use PureTLS (http://www.rtfm.com/puretls).
> (With 4.0.4, you need to use the CoyoteConnector plugin to enable it).
I've
> heard good reports about using it with client-certs, but haven't tried it
> myself.
>
> Unfortunately, the documentation is still a little weak. :(  The best
place
> is the 3.3.1 documentation
> http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html. The
> translation to the 4.x CoyoteConnector is pretty straight-forward (the SSL
> attributes are on the Factory), but AFAIK, nobody has actually written it
up
> yet.
>
> "Wolfgang Stein" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I realize you are also a German resident and
> > remember the download of JSSE were differing
> > for non-US citizens.
> > I assume we are victims of a hidden key escrow
> > or Echelon's information gathering efforts :-)
> >
> > But, all joking(?) aside:
> > This seems to be a known jdk1.4 issue. There are
> > some related postings at the developer connection
> > forums, e.g.
> > http://forum.java.sun.com/thread.jsp?forum=2&thread=239231)
> >
> > It ends up in the recommendation to use a commercial product
> > but also states that SUN's implementation were
> > "one of the better implementations" ...
> >
> > So,
> > did anybody succeed in using a third party JSSE that works
> > with tomcat and sufficient performance? Any suggestions ?
> >
> >
> > Thanks in advance,
> > Wolfgang
> >
> >
> > > -Original Message-
>

RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-11 Thread Andreas Mohrig 

I forgot to mention that my server works behind apache which is doing all
the encryption, so at least my performance problem is definitely caused at
the client side, i.e. within the java-code using the https implementation
from jdk1.4. But even my tomcat alone is very fast. In my test environment I
can access the server both on port 443 (then apache will handle the
encryption, leaving tomcat nothing to do but answer the request unencrypted
over ajp) and on 8443 (then tomcat will do the encryption, probably with the
help of the jdk1.4 components that were a part of JSSE prior to jdk1.4).
There is no notable difference in speed between the two requests, not even
if I close the browser to enforce a new ssl-handshake for each request.

But thanks for the suggestions anyway, Bill. I downloaded PureTLS and the
required packages for use on the client side. Unfortunately, there is no
https protocol handler (at least none that I found so far) that could
provide a replacement for the sun implementation. I'm looking for something
to specify in the following two statements to use PureTLS instead of the
functionality provided by jdk1.4:

System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol"); <-- here
Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider()); <-- and here

Do you (or does anyone) know of something like this for PureTLS?

And Wolfgang (you're right by the way assuming that I'm from germany, but I
hope our problem has nothing to do with that ;-), can you confirm that the
problem is on the client side in the java code? How is the performance of
your tomcat when you access the same resources with a browser?
The forum-postings you quoted seem to imply that the low performance could
have been a problem of jdk's prior to 1.4 as well which simply did not show
(at least from within applets running inside IE) because IE used it's own
ssl/https-implementation when used with jdk1.3 (and earlier) and jdk1.4's if
used with that version.

greetings

Andreas Mohrig

-Original Message-
From: Bill Barker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 7:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL


I think that you are out of luck with 3.2.x.

With 3.3.1 and 4.1.10 you can use PureTLS (http://www.rtfm.com/puretls).
(With 4.0.4, you need to use the CoyoteConnector plugin to enable it).  I've
heard good reports about using it with client-certs, but haven't tried it
myself.

Unfortunately, the documentation is still a little weak. :(  The best place
is the 3.3.1 documentation
http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html. The
translation to the 4.x CoyoteConnector is pretty straight-forward (the SSL
attributes are on the Factory), but AFAIK, nobody has actually written it up
yet.

"Wolfgang Stein" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I realize you are also a German resident and
> remember the download of JSSE were differing
> for non-US citizens.
> I assume we are victims of a hidden key escrow
> or Echelon's information gathering efforts :-)
>
> But, all joking(?) aside:
> This seems to be a known jdk1.4 issue. There are
> some related postings at the developer connection
> forums, e.g.
> http://forum.java.sun.com/thread.jsp?forum=2&thread=239231)
>
> It ends up in the recommendation to use a commercial product
> but also states that SUN's implementation were
> "one of the better implementations" ...
>
> So,
> did anybody succeed in using a third party JSSE that works
> with tomcat and sufficient performance? Any suggestions ?
>
>
> Thanks in advance,
> Wolfgang
>
>
> > -Original Message-
> > From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 10, 2002 2:20 PM
> > To: 'Tomcat Users List'
> > Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> >
> >
> > I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and
> > Windows NT
> > client) and worrying about a quite similar problem. The
> > server is extremely
> > fast (I'd say the answer takes some milliseconds) when I
> > access it with a
> > browser (e.g. MS IE 5.0), but it takes about 20 seconds (!)
> > when I try a
> > request using java code like this:
> >
> > URL url = new URL("https://myserver/myresource";);
> > URLConnection con = url.openConnection();
> > BufferedReader reader = new BufferedReader(new
> > InputStreamReader(con.getInputStream()));
> >   StringBuffer resultbuffer = new StringBuffer();
> > String result = reader.readLine();
> >

Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-10 Thread Bill Barker 

I think that you are out of luck with 3.2.x.

With 3.3.1 and 4.1.10 you can use PureTLS (http://www.rtfm.com/puretls).
(With 4.0.4, you need to use the CoyoteConnector plugin to enable it).  I've
heard good reports about using it with client-certs, but haven't tried it
myself.

Unfortunately, the documentation is still a little weak. :(  The best place
is the 3.3.1 documentation
http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html. The
translation to the 4.x CoyoteConnector is pretty straight-forward (the SSL
attributes are on the Factory), but AFAIK, nobody has actually written it up
yet.

"Wolfgang Stein" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I realize you are also a German resident and
> remember the download of JSSE were differing
> for non-US citizens.
> I assume we are victims of a hidden key escrow
> or Echelon's information gathering efforts :-)
>
> But, all joking(?) aside:
> This seems to be a known jdk1.4 issue. There are
> some related postings at the developer connection
> forums, e.g.
> http://forum.java.sun.com/thread.jsp?forum=2&thread=239231)
>
> It ends up in the recommendation to use a commercial product
> but also states that SUN's implementation were
> "one of the better implementations" ...
>
> So,
> did anybody succeed in using a third party JSSE that works
> with tomcat and sufficient performance? Any suggestions ?
>
>
> Thanks in advance,
> Wolfgang
>
>
> > -Original Message-
> > From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 10, 2002 2:20 PM
> > To: 'Tomcat Users List'
> > Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> >
> >
> > I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and
> > Windows NT
> > client) and worrying about a quite similar problem. The
> > server is extremely
> > fast (I'd say the answer takes some milliseconds) when I
> > access it with a
> > browser (e.g. MS IE 5.0), but it takes about 20 seconds (!)
> > when I try a
> > request using java code like this:
> >
> > URL url = new URL("https://myserver/myresource";);
> > URLConnection con = url.openConnection();
> > BufferedReader reader = new BufferedReader(new
> > InputStreamReader(con.getInputStream()));
> >   StringBuffer resultbuffer = new StringBuffer();
> > String result = reader.readLine();
> > while (result!=null) {
> > resultbuffer.append(result);
> > resultbuffer.append("\n");
> > result = reader.readLine();
> > }
> > reader.close();
> >
> > This is true for subsequent requests as well. The content
> > consists of about
> > 100 bytes which should be no problem.
> >
> > So: yes, I'm experiencing a heavy performance problem. I
> > can't say if it is
> > a performance decrease, though, since I did not test with
> > older Jdk's and
> > jsse (perhaps I should...). Any solutions, hints or
> > suggestions would be
> > very welcome!
> >
> > greetings
> >
> > Andreas Mohrig
> > -Original Message-
> > From: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 10, 2002 12:15 PM
> > To: [EMAIL PROTECTED]
> > Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> >
> >
> >
> > Migrating from Jdk1.3 to Jdk1.4 we encountered a significant
> > performance decrease on SSL-communications (server certs) between
> > Applets and Tomcat 3.2.4.
> >
> > Did anybody experience similar performance losses ?
> >
> > Does this happen because of a low SSL implementation in jdk1.4 ?
> > Did anybody successfully provide a faster implementation?
> >
> >
> > We used jdk1.4 on client and server-side.
> >
> >
> >
> > Thanks in advance,
> > Wolfgang
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-10 Thread Wolfgang Stein 

I realize you are also a German resident and
remember the download of JSSE were differing
for non-US citizens.
I assume we are victims of a hidden key escrow
or Echelon's information gathering efforts :-)

But, all joking(?) aside:
This seems to be a known jdk1.4 issue. There are
some related postings at the developer connection
forums, e.g.
http://forum.java.sun.com/thread.jsp?forum=2&thread=239231)

It ends up in the recommendation to use a commercial product
but also states that SUN's implementation were
"one of the better implementations" ...

So, 
did anybody succeed in using a third party JSSE that works
with tomcat and sufficient performance? Any suggestions ?


Thanks in advance,
Wolfgang
 

> -Original Message-
> From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 2:20 PM
> To: 'Tomcat Users List'
> Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> 
> 
> I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and 
> Windows NT
> client) and worrying about a quite similar problem. The 
> server is extremely
> fast (I'd say the answer takes some milliseconds) when I 
> access it with a
> browser (e.g. MS IE 5.0), but it takes about 20 seconds (!) 
> when I try a
> request using java code like this:
> 
>   URL url = new URL("https://myserver/myresource";);
>   URLConnection con = url.openConnection();
>   BufferedReader reader = new BufferedReader(new
> InputStreamReader(con.getInputStream()));
>   StringBuffer resultbuffer = new StringBuffer();
>   String result = reader.readLine();
>   while (result!=null) {
>   resultbuffer.append(result);
>   resultbuffer.append("\n");
>   result = reader.readLine();
>   }
>   reader.close();
> 
> This is true for subsequent requests as well. The content 
> consists of about
> 100 bytes which should be no problem. 
> 
> So: yes, I'm experiencing a heavy performance problem. I 
> can't say if it is
> a performance decrease, though, since I did not test with 
> older Jdk's and
> jsse (perhaps I should...). Any solutions, hints or 
> suggestions would be
> very welcome!
> 
> greetings
> 
> Andreas Mohrig
> -Original Message-
> From: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 10, 2002 12:15 PM
> To: [EMAIL PROTECTED]
> Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL
> 
> 
> 
> Migrating from Jdk1.3 to Jdk1.4 we encountered a significant 
> performance decrease on SSL-communications (server certs) between 
> Applets and Tomcat 3.2.4.
> 
> Did anybody experience similar performance losses ?
> 
> Does this happen because of a low SSL implementation in jdk1.4 ?
> Did anybody successfully provide a faster implementation?
> 
> 
> We used jdk1.4 on client and server-side.
> 
> 
> 
> Thanks in advance,
> Wolfgang
> 
> --
> To unsubscribe, e-mail:   
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-10 Thread Andreas Mohrig 

I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and Windows NT
client) and worrying about a quite similar problem. The server is extremely
fast (I'd say the answer takes some milliseconds) when I access it with a
browser (e.g. MS IE 5.0), but it takes about 20 seconds (!) when I try a
request using java code like this:

URL url = new URL("https://myserver/myresource";);
URLConnection con = url.openConnection();
BufferedReader reader = new BufferedReader(new
InputStreamReader(con.getInputStream()));
  StringBuffer resultbuffer = new StringBuffer();
String result = reader.readLine();
while (result!=null) {
resultbuffer.append(result);
resultbuffer.append("\n");
result = reader.readLine();
}
reader.close();

This is true for subsequent requests as well. The content consists of about
100 bytes which should be no problem. 

So: yes, I'm experiencing a heavy performance problem. I can't say if it is
a performance decrease, though, since I did not test with older Jdk's and
jsse (perhaps I should...). Any solutions, hints or suggestions would be
very welcome!

greetings

Andreas Mohrig
-Original Message-
From: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 12:15 PM
To: [EMAIL PROTECTED]
Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL



Migrating from Jdk1.3 to Jdk1.4 we encountered a significant 
performance decrease on SSL-communications (server certs) between 
Applets and Tomcat 3.2.4.

Did anybody experience similar performance losses ?

Does this happen because of a low SSL implementation in jdk1.4 ?
Did anybody successfully provide a faster implementation?


We used jdk1.4 on client and server-side.



Thanks in advance,
Wolfgang

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-10 Thread Wolfgang Stein 


Migrating from Jdk1.3 to Jdk1.4 we encountered a significant 
performance decrease on SSL-communications (server certs) between 
Applets and Tomcat 3.2.4.

Did anybody experience similar performance losses ?

Does this happen because of a low SSL implementation in jdk1.4 ?
Did anybody successfully provide a faster implementation?


We used jdk1.4 on client and server-side.



Thanks in advance,
Wolfgang

--
To unsubscribe, e-mail:   
For additional commands, e-mail: