Re: [jetty-dev] Why DNS lookup in newSSLEngine(InetSocketAddress address)?


On Thu, Dec 22, 2016 at 3:55 PM, Johan Piculell <johan@xxxxxxxxxxx> wrote:
> Hello.
> The doc on this method states:
> * If {@link #getNeedClientAuth()} is {@code true}, then the host name is
> passed to
> * {@link #newSSLEngine(String, int)}, possibly incurring in a reverse DNS
> lookup, which takes time
> * and may hang the selector (since this method is usually called by the
> selector thread).
> * <p />
> But why is this needed at all? I have made some tests and client
> authentication works just fine even if the host name cannot be resolved, so
> why this extra overhead? And what is worse is if I do have a DNS that does
> not respond for whatever reason, then my application will suffer severely
> since all incoming requests will be stuck. And I cannot see why we should
> get this penalty just because we enable client authentication.

Can you please open an issue about this?

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.
