On Sat, 2 Oct 2021 05:45:47 GMT, Clive Verghese <cvergh...@openjdk.org> wrote:
> Hi, > > We have identified that the `HandshakeContext` initialization takes up a > close to 50% of the flame graph for startHandshake. I have moved the > computation of the `activeProtocols` and `activeCipherSuites` from the > HandshakeContext constructor to SSLConfiguration class because the values > used to compute the two list are available in the SSLConfiguration. > > In order to reuse this, I have initialized SSLConfiguration in the > SSLSocketFactory and reused this when possible for Client Socket Constructors > in the SSLSocketImpl. > > Sockets created from the SSLSocketFactory see this improvements. > > Old Benchmarks > > Benchmark Mode Cnt Score Error Units > SSLStartHandshake.handshakeBenchmark thrpt 25 0.247 ± 0.011 ops/ms > SSLStartHandshake.handshakeBenchmark avgt 25 4.210 ± 0.445 ms/op > > New Benchmarks > > SSLStartHandshake.handshakeBenchmark thrpt 25 0.257 ± 0.017 ops/ms > SSLStartHandshake.handshakeBenchmark avgt 25 3.967 ± 0.208 ms/op > > > > I have also attached the JFR profiles from before and after the change. > Before > <img width="2325" alt="SSLOverhead-old" > src="https://user-images.githubusercontent.com/934461/135705010-a8502966-c6be-4cb5-b743-4a5b382c8e1f.png";> > > After > <img width="2310" alt="SSLOverhead-new" > src="https://user-images.githubusercontent.com/934461/135705007-ea852b36-e10f-4741-a166-249270b34465.png";> > > We have been able to optimize the `TransportContext.kickstart` function by > removing the `HandshakeContext.<init>` initialization and reduce the time to > start the handshake by reusing `activeProtocols` and `activeCipherSuites` > > In addition to the SSL and http tests, I have run tier-1 and tier-2 tests and > ensure that they pass. > > Looking for your feedback src/java.base/share/classes/sun/security/ssl/HandshakeContext.java line 169: > 167: this.algorithmConstraints = new SSLAlgorithmConstraints( > 168: sslConfig.userSpecifiedAlgorithmConstraints); > 169: this.activeProtocols = new > LinkedList<ProtocolVersion>(sslConfig.activeProtocols); Just wonder why LinkedLIst, not ArrayList? ------------- PR: https://git.openjdk.java.net/jdk/pull/5793
![https://user-images.githubusercontent.com/934461/135705010-a8502966-c6be-4cb5-b743-4a5b382c8e1f.png"](https://user-images.githubusercontent.com/934461/135705010-a8502966-c6be-4cb5-b743-4a5b382c8e1f.png"){kind=link}
![https://user-images.githubusercontent.com/934461/135705007-ea852b36-e10f-4741-a166-249270b34465.png"](https://user-images.githubusercontent.com/934461/135705007-ea852b36-e10f-4741-a166-249270b34465.png"){kind=link}