I may be off-mark here (since I did not go over the mail thread with a fine comb), but one possible use is to satisfy cases where FIPS 140-2 validated library is a requirement. Currently, there are very few options in the market (BouncyCastle is FIPS 140-2, RSA BSAFE has exited), so the ability to use OpenSSL as a JCE provided would be immensely beneficial.
Thanks. -ag On Thu, Mar 21, 2019 at 8:43 AM Simone Bordet <simone.bor...@gmail.com> wrote: > > Hi, > > On Thu, Mar 21, 2019 at 3:43 PM Sean Mullan <sean.mul...@oracle.com> wrote: > > But, if we want to explore this further, I think it first makes sense to > > take a step back and focus more on what benefits an OpenSSL provider or > > "native bridge" would provide. > > Benchmarked 3x-10x performance improvements. > https://nbsoftsolutions.com/blog/dropwizard-1-3-upcoming-tls-improvements > > I guess the memory allocation/footprint has similar improvements, with > the JDK insisting at requiring ~17 KiB buffers to read HTTP requests > in the order of <1 KiB. > > -- > Simone Bordet > --- > Finally, no matter how good the architecture and design are, > to deliver bug-free software with optimal performance and reliability, > the implementation technique must be flawless. Victoria Livschitz
