Native default

[Rémy Maucherat <re...@apache.org>]

Hi,

In Tomcat 9, using the Apr listener could mean that the user want to use
the OpenSSL crypto and not the full APR connector. Since Mark doesn't seem
to like that connector very much and since we have HTTP/2 to "sell" as
working stuff, I would like to propose an interim step.

At the moment, the behavior when the Apr lifecycle listener is present and
the Tomcat native library is successfully loaded is to load the APR
connector if nothing is specified. I was considering allowing to change the
behavior in that situation to load the usual Java connector instead (NIO at
the moment), but with the OpenSSL implementation.

This will be configurable using an extra flag on the lifecycle listener
(similar to the fips flag).

Rémy

Re: Native default

[Rémy Maucherat <re...@apache.org>]

2015-12-11 23:23 GMT+01:00 Christopher Schultz <chris@christopherschultz.net
>:

> One connector to rule them all.
>
> Is NIO2 viable yet? The APR connector had actual blocking-reads in
> situations where we wanted that. NIO on the other hand IIRC can't choose
> which type of reads to do: they are always blocking.
>

NIO is non blocking only. NIO2 is a low level async IO framework, useful
for experiments. Due to very aggressive optimizations, it performs well
although it doesn't look like it would looking at the API. It should be
easier to implement more complex stuff since it can easily carry around
state along with the async IO operations.

>
> The testing that Jean-Frederic and I have done shows much higher system
> resource (CPU) use for this simulated-blocking stuff. Does NIO2 perform
> better?
>
> While I agree that CPU time is there to be used, using that CPU time in
> what amounts to a spin-wait (okay, I'm overstating a bit here) isn't
> satisfying.
>
> You can keep on talking about it, it still doesn't make any real
difference anymore. The APR connector should still not be removed, it's the
fastest (SSL) and it can be more reliable (or not, it depends ...). But it
could be envisioned it won't be the default even if tomcat-native is
present, because it's safer.

Rémy

Re: Native default

[Christopher Schultz <ch...@christopherschultz.net>]

Mark,

On 12/11/15 6:01 AM, Mark Thomas wrote:
> On 11/12/2015 10:54, Rémy Maucherat wrote:
>> Hi,
>>
>> In Tomcat 9, using the Apr listener could mean that the user want to use
>> the OpenSSL crypto and not the full APR connector. Since Mark doesn't seem
>> to like that connector very much and since we have HTTP/2 to "sell" as
>> working stuff, I would like to propose an interim step.
>>
>> At the moment, the behavior when the Apr lifecycle listener is present and
>> the Tomcat native library is successfully loaded is to load the APR
>> connector if nothing is specified. I was considering allowing to change the
>> behavior in that situation to load the usual Java connector instead (NIO at
>> the moment), but with the OpenSSL implementation.
>>
>> This will be configurable using an extra flag on the lifecycle listener
>> (similar to the fips flag).
> 
> +1
> 
> With the work that has been done on the OpenSSL SSLContext
> implementation I have been thinking along exactly the same lines.
> 
> I also think that the recent OpenSSL Context work has strengthened the
> case for removing the APR connector in 9.0.x.

One connector to rule them all.

Is NIO2 viable yet? The APR connector had actual blocking-reads in
situations where we wanted that. NIO on the other hand IIRC can't choose
which type of reads to do: they are always blocking.

The testing that Jean-Frederic and I have done shows much higher system
resource (CPU) use for this simulated-blocking stuff. Does NIO2 perform
better?

While I agree that CPU time is there to be used, using that CPU time in
what amounts to a spin-wait (okay, I'm overstating a bit here) isn't
satisfying.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Native default

[Mark Thomas <ma...@apache.org>]

On 11/12/2015 10:54, Rémy Maucherat wrote:
> Hi,
> 
> In Tomcat 9, using the Apr listener could mean that the user want to use
> the OpenSSL crypto and not the full APR connector. Since Mark doesn't seem
> to like that connector very much and since we have HTTP/2 to "sell" as
> working stuff, I would like to propose an interim step.
> 
> At the moment, the behavior when the Apr lifecycle listener is present and
> the Tomcat native library is successfully loaded is to load the APR
> connector if nothing is specified. I was considering allowing to change the
> behavior in that situation to load the usual Java connector instead (NIO at
> the moment), but with the OpenSSL implementation.
> 
> This will be configurable using an extra flag on the lifecycle listener
> (similar to the fips flag).

+1

With the work that has been done on the OpenSSL SSLContext
implementation I have been thinking along exactly the same lines.

I also think that the recent OpenSSL Context work has strengthened the
case for removing the APR connector in 9.0.x.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org