[jetty-users] Fast SSL with jetty.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Fast SSL with jetty.

From: Luke B <lukenbutters@xxxxxxxxx>
Date: Mon, 15 Mar 2021 10:50:33 +1100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Hi,

So it seems conscrypt has even more memory leaks:
https://github.com/google/conscrypt/issues/835
https://github.com/google/conscrypt/issues/984

Conscrypt doesn't appear to be sufficiently reliable to be used in production.

Setting up jetty to listen only on localhost without SSL and having an nginx (or other web server) reverse proxy to provide SSL is possible but unlikely something that is acceptable as encryption is required all the way to the java process. In this case a tcp dump would reveal passwords.

Jetty, it seems, is trapped behind Java's relatively slow SSL implementation.

Does anyone have ideas on how fast secure communication to jetty might be done? For example:

* Perhaps someone has working openssl with jetty and that is comparable with the performance of conscrypt.

* Perhaps the locally running reverse proxy can securely communicate with jetty without https.

cheers,

-Luke

Follow-Ups:
- Re: [jetty-users] Fast SSL with jetty.
  - From: Simone Bordet
- Re: [jetty-users] Fast SSL with jetty.
  - From: Shawn Heisey

Prev by Date: Re: [jetty-users] Session invalidation
Next by Date: Re: [jetty-users] Fast SSL with jetty.
Previous by thread: [jetty-users] regular https and proxied htps at the same time
Next by thread: Re: [jetty-users] Fast SSL with jetty.
Index(es):
- Date
- Thread

Breadcrumbs