Hello all, wondering if anyone has seen similar behaviour - sorry if already reported, googling hasn't found much other than a somewhat similar older issue on APR going to 100% CPU when idle due to a poll loop/timeout issue - however this seems a bit different as this is only occurring with SSL;
Running (ESX Based): Server version: Apache Tomcat/8.5.9 Server built: Dec 5 2016 20:18:12 UTC Server number: 8.5.9.0 OS Name: Windows Server 2012 R2 OS Version: 6.3 Architecture: amd64 JVM Version: 1.8.0_112-b15 JVM Vendor: Oracle Corporation Apache Tomcat Native library 1.2.10 using APR version 1.5.2. APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] OpenSSL successfully initialized (OpenSSL 1.0.2j 26 Sep 2016) Server setup as 4 vCPU / 8GB mem Problem: After running load on the server (this is a QA system, so just load tests) Tomcat goes to 70-100% CPU usage when it should be idle. This only occurs when putting load on the SSL connectors w/APR. When re-applying load (to SSL connector), the CPU usage drops to appropriate levels for the load, but then returns to the higher idle CPU usage. If applying load back to the non-SSL connector, CPU usage stays high (higher than after a restart and sending to non-SSL connector first). Performing the same load tests on non-SSL (still with APR), or non-APR connectors CPU returns to idle after the load run is completed. The load applied is 8 persistent connections, which send basic POST requests, the service does some basic operations and responds, generally - if not maxed out - in 1-2ms. Even when using 1 connection, the CPU usage stays constant when the requests stop. Again this only occurs when using the SSL/APR connector, if using a non-APR connector, or the APR-non-SSL connector it's fine. It seems to be a problem with just how APR-SSL works or possibly OpenSSL ? Not sure how to further isolate to see which one is the problem. SSL Connector setup: <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" maxKeepAliveRequests="-1"> <SSLHostConfig> <Certificate certificateFile="conf/localhost-rsa-cert.pem" certificateKeyFile="conf/localhost-rsa-key.pem" certificateKeyPassword="password" type="RSA" /> </SSLHostConfig> </Connector> Non-SSL Connector: <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" connectionTimeout="20000" maxKeepAliveRequests="-1" redirectPort="8443" > </Connector> Initializing ProtocolHandler ["http-apr-8080"] Initializing ProtocolHandler ["https-openssl-apr-8443"]