Cxf 2.3.1 - I am using soapui as client - what's the best way to "warm up" the ssl before running the test suite in soapui?

Is a single sslengine created per jetty port or per jaxws service?

Sent from my iPhone

On Jan 18, 2011, at 7:11, Daniel Kulp <[email protected]> wrote:

> On Sunday 16 January 2011 10:09:56 pm Jason Pell wrote:
>> Hi,
>>
>> As soon as I enable SSL and execute my soapui test suite I get cpu to
>> %95. I have profiled the application and can see that this is caused
>> by the
>>
>> com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite
>> (further down in the stack BigInteger is responsible for most of the
>> CPU).
>>
>> I have configured the following server config:
>>
>> <sec:cipherSuitesFilter>
>>     <sec:include>.*_EXPORT_.*</sec:include>
>>     <sec:include>.*_EXPORT1024_.*</sec:include>
>>     <sec:include>.*_WITH_DES_.*</sec:include>
>>     <sec:include>.*_WITH_NULL_.*</sec:include>
>>     <sec:include>.*_128_.*</sec:include>
>>     <sec:exclude>.*_DH_anon_.*</sec:exclude>
>> </sec:cipherSuitesFilter>
>>
>>
>> I am using the self signed cert provided in CXF examples, but I am not
>> using a trust store on the server side.
>>
>> Does the SSL setup take a while to warm up in a JVM? Reason I ask is
>> I have managed to get acceptable results from the same soapui
>> integration test suite after a few runs (not deterministic,
>> sometimes it's the second run, sometimes the 5th, and really confusing is
>> sometimes it can go back to cpu bound even after a few runs). The
>> first 1 or 3 runs fail with EOF exceptions and such and then suddenly
>> I am back to 22 seconds total for the test suite which is in the
>> ballpark.
>>
>> I am not entirely sure how to go about resolving this because 90% CPU
>> on a single CPU machine and 180% (approx) on a dual CPU machine are
>> all in the SSL core jre code.
>
> Setting up an SSL/TLS connection IS extremely cpu intensive and time
> consuming. Once set up, it's not bad and is about 80% the speed of a
> non-encrypted connection.
>
> Couple questions:
> 1) What version of CXF are you using? There was a bug in some older
> versions that prevented keep-alives from working properly so a new
> connection had to be established for each request.
>
> 2) Are you creating a new proxy for each request? If so, don't do that.
> Re-use them. Otherwise, a new connection is made per proxy.
>
>
> --
> Daniel Kulp
> [email protected]
> http://dankulp.com/blog
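
Added example, not part of the thread: the `sec:cipherSuitesFilter` quoted above, evaluated against a constructed list of JSSE suite names to show which suites it leaves enabled. It assumes the filter keeps a suite that fully matches any include pattern and no exclude pattern; the sample list and the notes table are illustrative.

```python
import re

# Include/exclude patterns copied from the <sec:cipherSuitesFilter> in the thread.
INCLUDES = [r".*_EXPORT_.*", r".*_EXPORT1024_.*", r".*_WITH_DES_.*",
            r".*_WITH_NULL_.*", r".*_128_.*"]
EXCLUDES = [r".*_DH_anon_.*"]

# Constructed sample of JSSE-style suite names (not a dump from a real JVM).
SAMPLE_SUITES = [
    "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_WITH_RC4_128_MD5",
]

def selected_suites(supported, includes=INCLUDES, excludes=EXCLUDES):
    """Keep a suite if it fully matches any include and no exclude
    (assumed filter semantics, equivalent to Java's String.matches)."""
    inc = [re.compile(p) for p in includes]
    exc = [re.compile(p) for p in excludes]
    return [s for s in supported
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]

# Substring markers and the note each one triggers (illustrative, not exhaustive).
NOTES = [
    ("_EXPORT", "export-grade (40-bit class) suite"),
    ("_WITH_NULL_", "no encryption"),
    ("_WITH_DES", "single DES"),
    ("_DHE_", "ephemeral DH exchange on every full handshake"),
]

def audit(supported):
    """Map each selected suite to the notes that apply to it."""
    return {s: [note for marker, note in NOTES if marker in s]
            for s in selected_suites(supported)}

if __name__ == "__main__":
    for suite, notes in audit(SAMPLE_SUITES).items():
        print(f"{suite:40} {'; '.join(notes) or 'no note from this check'}")
```

To audit a real server, replace `SAMPLE_SUITES` with the names returned by the JVM's `SSLServerSocketFactory.getSupportedCipherSuites()`.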
