On 4/17/19, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > John, > > On 4/17/19 10:42, John Dale wrote: >> My understanding is that the folks at SUN really put their backs >> into it from the beginning: >> https://stackoverflow.com/questions/479701/does-java-have-buffer-overf > lows >> >> Since hot spot compilers have matured, Java is virtually as fast >> as C/++ (the Java is slow argument falls in my deaf ears, even if >> it is amazingly repeated still today by members of other >> programming religions). > > Where it really sucks, though, is crypto. When JSSE decides to use > hardware for crypto, things go really well. But it often does not make > that decision due to a few bugs here and there that still appear to > remain in the runtime. > > Tomcat benchmarks comparing JSSE versus OpenSSL are at least an order > of magnitude different, sometimes two, in favor of OpenSSL. > > Have a look at any of the slides Jean-Frederic Clere has presented at > any recent ApacheCon conferences and you can see his benchmarks > comparing them. > > The good news is that Tomcat+OpenSSL is comparable to httpd+OpenSSL, > so if you are able to use tcnative (required for OpenSSL use from > Tomcat), then the performance argument is pretty much moot. > > I myself always front Tomcat with another web server, but that is for > other reasons. Security and performance are nice-to-haves but aren't > really justified IMHO. Flexibility is the primary reason I front my > Tomcat instances with web servers. Tomcat doesn't make a great > load-balancer. > > - -chris
You mean on its own without modification? I think Tomcat makes a great load balancer, but I had to write a little code. HTTPD has a lot of plugins and ad-ons and a history of integration with lots of tools from firewall to email and beyond. It's a crazy piece of software that is very mature, but I found it to be overkill for my purposes .. I just use LFD/CFS manually, and I will continue to improve my DDOS, other exploit mitigation code. > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3WdkACgkQHPApP6U8 > pFiRrg//QcXdcysOx18yEpadFhuUekcTvogC5BGhZe5lV3AY4fgXeXQH46YZOkeY > Lit5F6JRFb9qVwFs9Uc9Ot9hwvVt9ldFMKOKAkxMIAp1yxRk8sWuaI99OLiNBAyf > qKmfwI0bx4H73oR22jhP5mlIITzJShZc86R9apb/v34ofncxQ6bLlAQMxu98Wo7W > G4kBXTjnn7UzNFtpAXiZLd8t22IeBbN6CDFgM5urhOb3g7rTNdqW8Q28ik7qwenK > gK5KmSek7+LZTsx5UD3N4WxdRkUKB30ZIvPt+cH1HMntvulQKJ39Giw9XjXHv8Hc > VIsrh/S+2fbfG+4F0aqYmR5WuEXK30mG76DU3DW2o3v8sZ+pvuJ3C37mc0biWGy7 > fS722Uh3s6tucs4ToQtwwYkhS93NIUm8uLZJnv3FAUW5EOY7THzf0pplv/ZZEQ62 > Sg1bZ4mA7/Tdt25MKM2K04h2ERLTsAiB7Qneh2Ch4yVt3cwnGbZUFCAbXMSq01xE > TP6j0zfLAtEx3b6Av22WLqnq5NdSDUYbvVzTQPH/TUERf4ztLRadBjHPEN0gM2vL > zQi7BGiJix2K/fjWLicGkZKTPCWvSnknkwPgQ1JzxZwEQmCUA+hRANaZljp7KVwP > mObnaRL5QQ/S2NhCRHFdvyLqXMgmbSsMe+FMmN2P8/mADwSdeK8= > =4xik > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org