On Monday 17 January 2011 5:35:39 pm Jason Pell wrote: > Cxf 2.3.1 - I am using soapui as client - what's the best way to "warm up" > the ssl before running the test suite in soapui?
I don't think you can, really. Maybe run it in soap UI first for a minute before actually running the test. Don't really know. > Is a single sslengine created per jetty port or per jaxws service ? On the server side, it would be per port, I think. It MAY be per connection on the port (not per service), but I'm not really sure. That's down in Jetty someplace. Dan > Sent from my iPhone > > On Jan 18, 2011, at 7:11, Daniel Kulp <[email protected]> wrote: > > On Sunday 16 January 2011 10:09:56 pm Jason Pell wrote: > >> Hi, > >> > >> As soon as I enable SSL and execute my soapui test suite I get cpu to > >> %95. I have profiled the application and can see that this is caused > >> by the > >> > >> com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite > >> (further down in the stack BigInteger is responsible for most of the > >> CPU). > >> > >> I have configured the following server config: > >> > >> <sec:cipherSuitesFilter> > >> > >> <sec:include>.*_EXPORT_.*</sec:include> > >> <sec:include>.*_EXPORT1024_.*</sec:include> > >> <sec:include>.*_WITH_DES_.*</sec:include> > >> <sec:include>.*_WITH_NULL_.*</sec:include> > >> <sec:include>.*_128_.*</sec:include> > >> <sec:exclude>.*_DH_anon_.*</sec:exclude> > >> > >> </sec:cipherSuitesFilter> > >> > >> I am using the self signed cert provided in CXF examples, but I am not > >> using a trust store on the server side. > >> > >> Does the SSL setup take a while to warm up in a JVM? Reason I ask is > >> I have managed to get acceptable results from the same soapui > >> integration test suite after a few of runs (not deterministic, > >> sometimes its the second run, sometimes the 5, and really confusing is > >> sometimes it can go back to cpu bound even after a few runs). The > >> first 1 or 3 runs fail with EOF exceptions and such and then suddenly > >> I am back to 22 seconds total for the test suite which is in the > >> ballpark. > >> > >> I am not entirely sure how to go about resolving this because 90% CPU > >> on a single CPU machine and 180% (approx) on a dual CPU machine are > >> all in the SSL core jre code. > > > > Setting up an SSL/TLS connection IS extremely cpu intensive and time > > consuming. Once setup, it's not bad and is about 80% the speed of a > > non- encrypted connection. > > > > Couple questions: > > 1) What version of CXF are you using? There was a bug in some older > > versions that prevented keep-alives from working properly so a new > > connection had to be established for each request. > > > > 2) Are you creating a new proxy for each request? If so, don't do that. > > Re- use them. Otherwise, a new connection is made per proxy. -- Daniel Kulp [email protected] http://dankulp.com/blog
