Installing Jenkins (WAR) on Tomcat - Corrupts SMTP / Email for Java Apps
Tomcat Users,

Sorry if this is a bit off base, but does anyone have experience with this unusual problem?

As soon as I uninstall Jenkins (& restart tomcat), I can send java emails just fine through Tomcat. When I load the Jenkins war it breaks emails being sent immediately, by our other installed (custom) java apps in Tomcat.

This server has been around for 6+ years, and the problem just started occurring on Jan 24th of this year, without me knowing what changed.

Looking at the smtp logs, it corrupts the mail before it leaves the system, before it hits the mail server, replacing the original message with garbage like this example below:

--=_Part_3_1832428443.1648744184783--

Curiously, when I deleted the 'work' dir under tomcat it temporarily solved the problem, allowing emails to be sent properly/correctly, but email eventually became corrupt again, just hours later, and deletion of the 'work' dir does nothing now (tried many times).

I removed every mail related plugin in the .jenkins install dir, thinking the JVM was being corrupted with multiple java mail files, with no success/luck on the email send.

Searched through the markmail archive, Jenkins forum, and google with nothing really matching the described issue.

Env: Oracle Linux 7.9
Tomcat: 8.5.72 (tried with 8.5.65, when I know it was working)
Java: jdk1.8.0_311 (tried with 281, when I know it was working)
Apr: 1.7.0
Apr-util: 1.6.1
Openssl: 1.1.1l
tomcat-native: 1.2.31-src
Jenkins: 2.332.1 LTS (tried several / various previous versions that I know worked)
Postfix: 2.10.1-9.el7.x86_64
Mail Jar: javax.mail-1.6.2.jar

V/R,
Re: Question about ssl
John,

On 3/31/22 10:50, John Dale (DB2DOM) wrote:
> Hi Chris;
>
> I'm measuring the time taken to process a request as reported by
> inspector-network in brave.
>
> SSL time to process through tomcat is 11ms.
>
> Same request for a smaller file using a java SSL socket is taking
> 50ms .. like this:
>
> public static SSLServerSocket getServerSocketWithCert(int port,
>         InputStream pathToCert, String passwordFromCert,
>         ServerSecureType type) throws IOException,
>         KeyManagementException, NoSuchAlgorithmException,
>         CertificateException, KeyStoreException,
>         UnrecoverableKeyException
> {
>     X509TrustManager[] tmm;
>     X509KeyManager[] kmm;
>     KeyStore ks = KeyStore.getInstance(instance);
>     ks.load(pathToCert, passwordFromCert.toCharArray());
>     tmm=tm(ks);
>     kmm=km(ks, passwordFromCert);
>     SSLContext ctx = SSLContext.getInstance(type.getType());
>     ctx.init(kmm, tmm, null);
>     SSLServerSocketFactory socketFactory =
>         (SSLServerSocketFactory) ctx.getServerSocketFactory();
>     SSLServerSocket ssocket = (SSLServerSocket)
>         socketFactory.createServerSocket(port);
>     return ssocket;
> }
>
> I'm using the cert at https://db2dom.com
>
> It's still a tenth of a second to process the request with this
> "hand rolled" method, but it's several orders of magnitude slower,
> and I'm trying to figure out why (I'm obsessive with response times).

So you have a hand-rolled TLS server (selected code above) and you are comparing it to Tomcat?

It all depends upon what you are doing with that code above. Tomcat is doing something like the above basically once and then re-using the same Socket for a long time. Are you re-initializing your Socket for each request perhaps?

Are you using exactly the same trust store and key store between your hand-rolled code and Tomcat? The client is negotiating the exact same cipher suite, etc.?

How many requests are you running your code through -- like after JVM startup? Just one? Many? How many? Same questions for Tomcat.

It's always hard to set up a fair comparison, and you aren't giving us very much information.

-chris

> On 3/28/22, Christopher Schultz wrote:
>> John,
>>
>> On 3/26/22 22:29, John Dale (DB2DOM) wrote:
>>> Can you help me understand why Tomcat's SSL handling is so much
>>> faster than hand rolling it on a regular socket?
>>
>> I think you'll need to define some terms.
>>
>> For example, what do you mean when you say "faster", and how are you
>> measuring that?
>>
>> What do you mean when you say "hand-rolling" your SSL and what is a
>> "regular socket"?
>>
>> -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about ssl
Hello,

could you measure the time it takes to initialize all the keys and Key/Trustmanagers by inserting some debug output?

I am not sure whether the certificate is checked for validity. This could involve checking revocation list, OCSP-Call to external server, ...

Greetings,
Thomas

> -Original Message-
> From: John Dale (DB2DOM)
> Sent: Thursday, 31 March 2022 16:50
> To: Tomcat Users List
> Subject: Re: Question about ssl
>
> Hi Chris;
>
> I'm measuring the time taken to process a request as reported by
> inspector-network in brave.
>
> SSL time to process through tomcat is 11ms.
>
> Same request for a smaller file using a java SSL socket is taking
> 50ms .. like this:
>
> public static SSLServerSocket getServerSocketWithCert(int port,
>         InputStream pathToCert, String passwordFromCert,
>         ServerSecureType type) throws IOException,
>         KeyManagementException, NoSuchAlgorithmException,
>         CertificateException, KeyStoreException,
>         UnrecoverableKeyException
> {
>     X509TrustManager[] tmm;
>     X509KeyManager[] kmm;
>     KeyStore ks = KeyStore.getInstance(instance);
>     ks.load(pathToCert, passwordFromCert.toCharArray());
>     tmm=tm(ks);
>     kmm=km(ks, passwordFromCert);
>     SSLContext ctx = SSLContext.getInstance(type.getType());
>     ctx.init(kmm, tmm, null);
>     SSLServerSocketFactory socketFactory =
>         (SSLServerSocketFactory) ctx.getServerSocketFactory();
>     SSLServerSocket ssocket = (SSLServerSocket)
>         socketFactory.createServerSocket(port);
>     return ssocket;
> }
>
> I'm using the cert at https://db2dom.com
>
> It's still a tenth of a second to process the request with this
> "hand rolled" method, but it's several orders of magnitude slower,
> and I'm trying to figure out why (I'm obsessive with response times).
>
> Sincerely,
>
> John
>
> On 3/28/22, Christopher Schultz wrote:
> > John,
> >
> > On 3/26/22 22:29, John Dale (DB2DOM) wrote:
> >> Can you help me understand why Tomcat's SSL handling is so much
> >> faster than hand rolling it on a regular socket?
> >
> > I think you'll need to define some terms.
> >
> > For example, what do you mean when you say "faster", and how are you
> > measuring that?
> >
> > What do you mean when you say "hand-rolling" your SSL and what is a
> > "regular socket"?
> >
> > -chris
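Added example, not code from any poster in this thread: one way to get the per-stage timings Thomas asks for while also building the SSLContext only once and reusing it, which is the difference Chris raises. The class name TlsInitTiming, its context() and ms() helpers, and the command-line arguments (keystore path, password) are hypothetical; with no arguments it uses a constructed empty keystore so it runs offline.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: times each setup stage once, then reuses the SSLContext.
public class TlsInitTiming {
    private static SSLContext cached; // built once, shared by later calls

    static long ms(long start) { return (System.nanoTime() - start) / 1_000_000; }

    static synchronized SSLContext context(String path, char[] pw) throws Exception {
        if (cached != null) return cached;
        long t = System.nanoTime();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) {
            ks.load(null, null); // constructed empty store so the demo runs offline
        } else {
            try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        }
        System.out.println("keystore load:    " + ms(t) + " ms");
        t = System.nanoTime();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        System.out.println("key/trust mgrs:   " + ms(t) + " ms");
        t = System.nanoTime();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext init:  " + ms(t) + " ms");
        return cached = ctx;
    }

    public static void main(String[] args) throws Exception {
        // Demo only: keystore path and password are read from the command line.
        String path = args.length > 0 ? args[0] : null;
        char[] pw = args.length > 1 ? args[1].toCharArray() : new char[0];
        for (int i = 1; i <= 3; i++) { // call 1 pays the setup cost, 2 and 3 hit the cache
            long t = System.nanoTime();
            SSLContext ctx = context(path, pw);
            try (SSLServerSocket s = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
                System.out.println("call " + i + ": " + ms(t) + " ms (port " + s.getLocalPort() + ")");
            }
        }
    }
}
```

The printed stage timings cover server-side setup only; handshake cost per connection is separate and depends on the negotiated cipher suite and session reuse.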
Re: Question about ssl
Hi Chris;

I'm measuring the time taken to process a request as reported by inspector-network in brave.

SSL time to process through tomcat is 11ms.

Same request for a smaller file using a java SSL socket is taking 50ms .. like this:

public static SSLServerSocket getServerSocketWithCert(int port,
        InputStream pathToCert, String passwordFromCert,
        ServerSecureType type) throws IOException,
        KeyManagementException, NoSuchAlgorithmException,
        CertificateException, KeyStoreException,
        UnrecoverableKeyException
{
    X509TrustManager[] tmm;
    X509KeyManager[] kmm;
    KeyStore ks = KeyStore.getInstance(instance);
    ks.load(pathToCert, passwordFromCert.toCharArray());
    tmm=tm(ks);
    kmm=km(ks, passwordFromCert);
    SSLContext ctx = SSLContext.getInstance(type.getType());
    ctx.init(kmm, tmm, null);
    SSLServerSocketFactory socketFactory =
        (SSLServerSocketFactory) ctx.getServerSocketFactory();
    SSLServerSocket ssocket = (SSLServerSocket)
        socketFactory.createServerSocket(port);
    return ssocket;
}

I'm using the cert at https://db2dom.com

It's still a tenth of a second to process the request with this "hand rolled" method, but it's several orders of magnitude slower, and I'm trying to figure out why (I'm obsessive with response times).

Sincerely,

John

On 3/28/22, Christopher Schultz wrote:
> John,
>
> On 3/26/22 22:29, John Dale (DB2DOM) wrote:
>> Can you help me understand why Tomcat's SSL handling is so much faster
>> than hand rolling it on a regular socket?
>
> I think you'll need to define some terms.
>
> For example, what do you mean when you say "faster", and how are you
> measuring that?
>
> What do you mean when you say "hand-rolling" your SSL and what is a
> "regular socket"?
>
> -chris