Need to investigate this a bit further, based into FAQ, it may have some support for SSL with server socket.
Btw, one really irritating fact of standard SSLServerSocket
implementation of java is that API launches new handler thread everytime when new SSL socket is created. It’s pretty clear that when having server with thousands of connections that adds ovehead for connection establishment.
However, regarding scaling up java servers, traditional NIO selector loop in single thread doesn’t scale well. Reason is that such API originates from the era of slow single core CPUs, while current trend is reasonably fast, very many cores CPUs. Such model actually works better with sockets which are multithreaded, speed of single CPU core becomes quickly limiting factor if single thread is doing all the work via ”selector” loop.
Update 3.7.2011
BouncyCastle – Add support for DEFLATE compression to TLS
However, sadly, there aint’ any hope of getting support in real life any time soon, since fixes in java ZIP flush logic are done only in JRE7, and since it’s just being released, it will take few stabilization releases until it’s safe to put into real production use (Read: ~1 year, until safe to take into use.
Wikipedia – Comparison of TLS Implementations
Update 5.7.2011
Bouncy Castle – TLS now supports compression (v1.46)
Okey, if that’s truly true, then that is interesting. Need to investigate a bit.
References:
Netty: SecureChat example
Apache MINA
MINA vs Netty – A User’s perspective [Part 1]
Stackoverflow: Netty vs Apache MINA
Kari’s World: NIO + SSL + ServerSocket == wtf?!?
Kari’s World: Use only max 8KB IO buffer?!?