-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Howard,
On 3/5/14, 9:45 AM, Howard W. Smith, Jr. wrote: > Chris, > > On Tue, Mar 4, 2014 at 4:18 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> Dmitry, >> >> On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote: >>> Howard, My connector config is the following (i've already >>> posted that): >>> >>> <Connector port="8443" maxHttpHeaderSize="8192" >>> maxThreads="15000" enableLookups="false" >>> disableUploadTimeout="true" acceptCount="100" scheme="https" >>> secure="true" SSLEnabled="true" compression="off" >>> SSLCertificateFile="/opt/tomcat/mycompany.com.crt" >>> SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" /> >>> >>> Also -Dhttps.protocols=TLSv1 option is passed to java machine >>> >>> The reason for me to use apr connector is https performance, >>> isn't NIO much slower in that? >> >> I don't have any recent performance data, but using OpenSSL is >> apparently measurably faster than using JSSE. >> >> On the other hand, is the NIO connector does not crash, isn't >> that a point in its favor? > > > Can you please clarify your statements above? are you saying that > OpenSSL implies (or equals) NIO or APR? APR implies OpenSSL, and I suppose vice-versa. APR is native code and uses OpenSSL for its SSL engine. All of the pure-Java connectors (BIO, NIO, and possible a soon-to-be-available NIO2 connector) all use JSSE (Java Secure Sockets Extension) for SSL. For whatever reason, OpenSSL is measurably faster than JSSE. If you are fronting Tomcat with a web server which terminates SSL itself, then I see no particular reason to use the connectors over the NIO connectors. (Note that you can still use APR for its entropy capabilities even if not using it for SSL. You'll get session ids coming from OpenSSL's random source instead of Java's. I'm not sure that matters too much.) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTF0qNAAoJEBzwKT+lPKRYkIUQALqutaNWH1pLL1Gg89RgHyb+ 01ORV9O6q2fwtsIgW5WPurZr6gJAcf8K2C1bAkE6WCudgLrHjaTwQtb5peWFqHr0 IiCLa2bVxkDXDPFy5ESViPTML6UPiOHBXa707ZAK3vzRB5jy6fHbqMVvPBRx4CzD T0jKAqU9Odj38QBaUWvCi1BNgc0J5i4OyXBDNJmchyB0G6tN29vYo9zpaUnl972e 4qLzmWEGBzUnQ6y2zTga2fOZQJ4Lu5hQCLYmoCM84sU1Xl9BjHJ1Tn1mWm7jEm7V zMlIgFlJ/y65AUCqSRerMO5V5y4N+44CeQ2WV5v3hes4htAqRV7BFOgCfQW8e6Ng oqn4KLQU81rCOsN61tQIv1j17wkP6vux9WbaDScr+UVfjFZgdygaZvOLkmDs/bXG +b3DNsGVswOU4it2Y/cp6NAzwWDQfdfQUYDn9U/XOi9MnYSXNf+2dorTqnUhZ3Y7 mbxrCFpwKdbgXTkvs1UPwOZVhJ8dBuno/HofKuqbd+s9SkF/eXZNdyWolRUQ8sdK KFWgByHW+18IM1RiBieu9/iGA1U4nUz0HvLo0UxXpN1GAXO/67/Hv2h/LiqB/tQh yVFbvEZV5bR64D9FoPFReGQG4as2NBfIrbFz4XhqHwps5DDYm7WsS4hK87PE7fNC qeyeWruqGubsZfwDrfft =ihsJ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org