[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-dev] Why DNS lookup in newSSLEngine(InetSocketAddress address)?
|
Hi,
On Thu, Dec 22, 2016 at 3:55 PM, Johan Piculell <johan@xxxxxxxxxxx> wrote:
> Hello.
>
> The doc on this method states:
>
> * If {@link #getNeedClientAuth()} is {@code true}, then the host name is
> passed to
> * {@link #newSSLEngine(String, int)}, possibly incurring in a reverse DNS
> lookup, which takes time
> * and may hang the selector (since this method is usually called by the
> selector thread).
> * <p />
>
>
> But why is this needed at all? I have made some tests and client
> authentication works just fine even if the host name cannot be resolved, so
> why this extra overhead? And what is worse is if I do have a DNS that does
> not respond for whatever reason, then my application will suffer severely
> since all incoming requests will be stuck. And I cannot see why we should
> get this penalty just because we enable client authentication.
Can you please open an issue about this ?
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
