Re: [jetty-users] Fast SSL with jetty.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Fast SSL with jetty.

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Fri, 19 Mar 2021 09:42:23 +0800
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

So unix sockets an option?

On Fri, 19 Mar 2021, 09:21 Luke B, <lukenbutters@xxxxxxxxx> wrote:

Hi,

From memory the difference in performance is rather large, maybe 10x or 20x. It really does make a difference to how many requests we can handle. Conscrypt takes jetty from being severely limited by the speed at which it can transfer encrypted data, to encryption adding no meaningful overhead to data transfer.

-Luke

On Tue, Mar 16, 2021 at 1:21 AM Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
Hi,

On Mon, Mar 15, 2021 at 12:50 AM Luke B <lukenbutters@xxxxxxxxx> wrote:
>
> Hi,
>
> So it seems conscrypt has even more memory leaks:
> https://github.com/google/conscrypt/issues/835
> https://github.com/google/conscrypt/issues/984
>
> Conscrypt doesn't appear to be sufficiently reliable to be used in production.
>
> Setting up jetty to listen only on localhost without SSL and having an nginx (or other web server) reverse proxy to provide SSL is possible but unlikely something that is acceptable as encryption is required all the way to the java process. In this case a tcp dump would reveal passwords.
>
> Jetty, it seems, is trapped behind Java's relatively slow SSL implementation.

I guess the keyword here is "relatively".

Java's SSL is slower no doubt, but perhaps it does the job?
Is the move to Conscrypt due to benchmarks (A is faster than B), but B
can handle the load just nicely?
Is the move to Conscrypt due to saving CPU/memory in the cloud to save money?

I'm saying that with the latest Java versions, with native support for
encryption primitives, TLS resumption, etc. maybe Java TLS does the
job for you.
Sure it's not the Ferrari you wanted, but it's a decently fast car anyway?

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Follow-Ups:
- Re: [jetty-users] Fast SSL with jetty.
  - From: Greg Wilkins

References:
- [jetty-users] Fast SSL with jetty.
  - From: Luke B
- Re: [jetty-users] Fast SSL with jetty.
  - From: Simone Bordet
- Re: [jetty-users] Fast SSL with jetty.
  - From: Luke B

Prev by Date: Re: [jetty-users] Fast SSL with jetty.
Next by Date: [jetty-users] getting host certificate information with Jetty client
Previous by thread: Re: [jetty-users] Fast SSL with jetty.
Next by thread: Re: [jetty-users] Fast SSL with jetty.
Index(es):
- Date
- Thread

Breadcrumbs