You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Scott Willey <sw...@soasta.com> on 2009/05/13 21:13:22 UTC
Long receive time for chunked ssl response
Processing a chunked SSL response of 221 characters, I found I was waiting over three seconds for the entire response to be read. Upon investigation, this appears to be happening because the decrypt method in SSLIOSession does not decrypt everything in the encrypted buffer at one go. Because of this, portions of my response didn't get processed via the processing of the events, but rather via the BaseIOReactor's validate method which means I experienced multiple select interval timeouts prior to the message being fully processed. In reviewing the java nio documentation for the unwrap method of the sslEngine, the comments in the javadoc state: "This method will attempt to consume one complete SSL/TLS network packet". It appears that one time through the decrypt method decrypted small packets with almost no data in them, leaving encrypted data waiting. As an experiment, I changed the code in isAppInputReady in SSLIOSession to call decrypt in a loop until everything in the encrypted buffer was processed and bingo the response processed in under 5ms.
I was surprised not to find any other comments on this topic. Perhaps I simply a related topic somewhere? In any case, I'd be curious to know what the "correct" solution to this problem is.
Thank you very much
Scott
Re: Long receive time for chunked ssl response
Posted by Scott Willey <sw...@soasta.com>.
Done.
Unfortunately, I there is no public access to the service in question. In theory any connection involving SSL and chunked responses would reproduce-but that's in theory. If I can detect this problem in a public site, I'll add it to the ticket (HTTPCORE-196).
Thank you
Scott
On 5/13/09 12:26 PM, "Oleg Kalnichevski" <ol...@apache.org> wrote:
Processing a chunked SSL response of 221 characters, I found I was waiting over three seconds for the entire response to be read. Upon investigation, this appears to be happening because the decrypt method in SSLIOSession does not decrypt everything in the encrypted buffer at one go. Because of this, portions of my response didn't get processed via the processing of the events, but rather via the BaseIOReactor's validate method which means I experienced multiple select interval timeouts prior to the message being fully processed. In reviewing the java nio documentation for the unwrap method of the sslEngine, the comments in the javadoc state: "This method will attempt to consume one complete SSL/TLS network packet". It appears that one time through the decrypt method decrypted small packets with almost no data in them, leaving encrypted data waiting. As an experiment, I changed the code in isAppInputReady in SSLIOSession to call decrypt in a loop until everything in the en
crypted buffer was processed and bingo the response processed in under 5ms.
Re: Long receive time for chunked ssl response
Posted by Oleg Kalnichevski <ol...@apache.org>.
Scott Willey wrote:
> Processing a chunked SSL response of 221 characters, I found I was waiting over three seconds for the entire response to be read. Upon investigation, this appears to be happening because the decrypt method in SSLIOSession does not decrypt everything in the encrypted buffer at one go. Because of this, portions of my response didn't get processed via the processing of the events, but rather via the BaseIOReactor's validate method which means I experienced multiple select interval timeouts prior to the message being fully processed. In reviewing the java nio documentation for the unwrap method of the sslEngine, the comments in the javadoc state: "This method will attempt to consume one complete SSL/TLS network packet". It appears that one time through the decrypt method decrypted small packets with almost no data in them, leaving encrypted data waiting. As an experiment, I changed the code in isAppInputReady in SSLIOSession to call decrypt in a loop until everything in the en
crypted buffer was processed and bingo the response processed in under 5ms.
>
> I was surprised not to find any other comments on this topic. Perhaps I simply a related topic somewhere? In any case, I'd be curious to know what the "correct" solution to this problem is.
>
> Thank you very much
>
> Scott
>
Hi Scott
This does sound like an issue with SSLIOSession. Could please raise a
JIRA for it?
https://issues.apache.org/jira/browse/HTTPCORE
You are also very welcome to attach your local changes as a patch to the
JIRA ticket. If the server is publicly accessible could you please let
me know the URL I could use to reproduce the problem?
Cheers
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org