{"id":277,"date":"2011-06-12T12:38:14","date_gmt":"2011-06-12T12:38:14","guid":{"rendered":"https:\/\/kari.world.ikari.fi\/2011\/06\/12\/ssl-with-server-socket\/"},"modified":"2011-06-12T12:38:14","modified_gmt":"2011-06-12T12:38:14","slug":"ssl-with-server-socket","status":"publish","type":"post","link":"https:\/\/kari.world.ikari.fi\/?p=277","title":{"rendered":"SSL with server socket"},"content":{"rendered":"<p><a href=\"http:\/\/www.jboss.org\/netty\">Netty<\/a><\/p>\n<p>Need to investigate this a bit further; based on the FAQ, it may have some support for <a href=\"http:\/\/docs.jboss.org\/netty\/3.2\/guide\/html_single\/index.html#d0e1916\">SSL with server socket<\/a>.<\/p>\n<p>Btw, one really irritating fact about the standard <code><a href=\"http:\/\/download.oracle.com\/javase\/6\/docs\/api\/javax\/net\/ssl\/SSLServerSocket.html\">SSLServerSocket<\/a><\/code> implementation in Java is that the API launches a <a href=\"http:\/\/download.oracle.com\/javase\/6\/docs\/api\/javax\/net\/ssl\/HandshakeCompletedListener.html\"><b>new<\/b> handler thread<\/a> every time a new SSL socket is created. It&#8217;s pretty clear that on a server with thousands of connections this adds overhead to connection establishment.<\/p>\n<p>However, regarding scaling up Java servers, the traditional NIO selector loop in a single thread doesn&#8217;t scale well. The reason is that this API originates from the era of slow single-core CPUs, while the current trend is reasonably fast CPUs with very many cores. 
Such a model actually works better with sockets that are multithreaded; the speed of a single CPU core quickly becomes the limiting factor if a single thread is doing all the work via a &#8220;selector&#8221; loop.<\/p>\n<p><b>Update 3.7.2011<\/b><br \/>\n<a href=\"http:\/\/www.bouncycastle.org\/jira\/browse\/BJA-294\">BouncyCastle &#8211; Add support for DEFLATE compression to TLS<\/a><br \/>\nHowever, sadly, there ain&#8217;t any hope of getting support in real life any time soon, since the fixes in the Java ZIP flush logic are done only in JRE7, and since it&#8217;s just being released, it will take a few stabilization releases until it&#8217;s safe to put into real production use (read: ~1 year until it&#8217;s safe to take into use).<\/p>\n<p><a href=\"http:\/\/en.wikipedia.org\/wiki\/Comparison_of_TLS_Implementations\">Wikipedia &#8211; Comparison of TLS Implementations<\/a><\/p>\n<p><b>Update 5.7.2011<\/b><br \/>\n<a href=\"http:\/\/www.bouncycastle.org\/releasenotes.html\">Bouncy Castle &#8211; TLS now supports compression (v1.46)<\/a><br \/>\nOkay, if that&#8217;s truly true, then that <b>is<\/b> interesting. 
Need to investigate a bit.<\/p>\n<p><b>References:<\/b><br \/>\n<a href=\"http:\/\/docs.jboss.org\/netty\/3.2\/xref\/org\/jboss\/netty\/example\/securechat\/\">Netty: SecureChat example<\/a><br \/>\n<a href=\"http:\/\/mina.apache.org\/\">Apache MINA<\/a><br \/>\n<a href=\"http:\/\/www.ashishpaliwal.com\/blog\/2009\/04\/mina-vs-netty-a-users-perspective-part-1\/\">MINA vs Netty \u2013 A User\u2019s perspective [Part 1]<\/a><br \/>\n<a href=\"http:\/\/stackoverflow.com\/questions\/1637752\/netty-vs-apache-mina\">Stackoverflow: Netty vs Apache MINA<\/a><br \/>\n<a href=\"https:\/\/kari.world.ikari.fi\/2009\/11\/19\/nio-ssl-serversocket-wtf\/\">Kari&#8217;s World: NIO + SSL + ServerSocket == wtf?!?<\/a><br \/>\n<a href=\"https:\/\/kari.world.ikari.fi\/2009\/12\/23\/use-only-max-8kb-io-buffer\/\">Kari&#8217;s World: Use only max 8KB IO buffer?!?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Netty Need to investigate this a bit further; based on the FAQ, it may have some support for SSL with server socket. Btw, one really irritating fact about the standard SSLServerSocket implementation in Java is that the API launches a new handler thread every time a new SSL socket is created. 
It&#8217;s pretty clear that when having server with thousands&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-277","post","type-post","status-publish","format-standard","hentry","category-java"],"_links":{"self":[{"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=\/wp\/v2\/posts\/277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=277"}],"version-history":[{"count":0,"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=\/wp\/v2\/posts\/277\/revisions"}],"wp:attachment":[{"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kari.world.ikari.fi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}