SSL handshake stalls broker with NIO

[oliverd <ol...@hotmail.com>]

I had an issue after switching to non-blocking I/O (NIO) in combination with
SSL

the SSL handshake for ~5000 connections easily stalled the broker taking
100% CPU
I'm using version ActiveMQ 5.8 

doing some profiling, it showed up that the SSL handshake on broker side
eats up ~90% of overall CPU time
by checking just the handshake status in very high frequency

top 3 methods sorted by own processor time:
com.sun.net.ssl.internal.ssl.SSLEngineImpl.getHandshakeStatus()
org.apache.activemq.transport.nio.NIOSSLTransport.doHandshake()
com.sun.net.ssl.internal.ssl.SSLEngineImpl.getHSStatus(javax.net.ssl.SSLEngineResult$HandshakeStatus)

the reason is the asynchronous nature of the SSL handshake with NIO,
especially the execution of delegated tasks:
- NIOSSLTransport.doHandshake() executes delegated tasks using a
TaskRunnerFactory asynchronously 
- in the meantime it loops calling SSLEngine.getHandshakeStatus()

to improve the situation I did the following changes:
- run delegated tasks synchronously in method doHandshake (handshake status
NEED_TASK) instead of asynchronously
- added some small wait cycles in method secureRead as there is not always
data available with NIO (to further reduce the number of calls to
SSLEngine.getHandshakeStatus)

after these changes the SSL handshake for several thousand connections in
parallel was not a problem anymore

is this a known issue ?
I did not check in version 5.9 yet if there were any code changes in this
area




--
View this message in context: http://activemq.2283324.n4.nabble.com/SSL-handshake-stalls-broker-with-NIO-tp4677916.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.