You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Michael Osipov <mi...@apache.org> on 2019/11/11 18:46:56 UTC
Re: [PROPOSAL] Tomcat 10: Drop APR Connector
Am 2019-10-09 um 21:40 schrieb Christopher Schultz:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Michael
>
> On 10/9/19 11:40, Michael Osipov wrote:
>> Am 2019-10-07 um 16:39 schrieb Christopher Schultz:
>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>>
>>> All,
>>>
>>> I recently gave a presentation on locking-down Apache Tomcat[1]
>>> and I briefly discussed the "sharp edges" present in Tomcat. Some
>>> of them are unnecessarily sharp and may be actually unnecessary.
>>> I'm going to make a few proposals to remove functions from
>>> Tomcat.
>>>
>>> Proposal: Remove APR connector
>>>
>>> Justification:
>>>
>>> The APR connector was once used to provide superior I/O when
>>> compared to the only other available I/O mechanism available in
>>> Java: blocking I/O. Specifically, the APR connector allowed
>>> Tomcat to wait for keepalive requests on a connection to in a
>>> non-blocking fashion which was not possible with Java BIO-based
>>> connectors.
>>>
>>> The introduction of NIO into Java back in Java 1.4 (!!) changed
>>> things, and NIO support was added to Tomcat in 6.0. Now that it
>>> has had time to mature, the NIO connector is superior to the APR
>>> connector in several ways:
>>>
>>> 1. NIO connector allows non-blocking TLS handshakes 2. NIO
>>> connector uses less (Tomcat-owned) native code
>>>
>>> The first item improves performance and availability and the
>>> second item improves stability (and thus availability).
>>>
>>> The last advantage which (until recently) made the APR connector
>>> still very useful was the ability to use the OpenSSL
>>> cryptographic library for all cryptographic operations which is
>>> measurably higher-performance than those typically provided by
>>> the JVM.
>>>
>>> This last advantage no longer exists since we have a JSSE
>>> provider available for OpenSSL using libtcnative.
>>>
>>> Notes:
>>>
>>> This proposal does not recommend the removal of libtcnative. Only
>>> the removal of the APR connector, the APR lifecycle listener, and
>>> the associated native code required to support those components.
>>
>> Though, I have no opion for or against. It has worked very well for
>> me for the last 10+ years on HP-UX for our software.
>
> I'd love to get your feedback on NIO+OpenSSL, then.
To revive this, why APR is stil important:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63916
There is some severe bug making NIO performing very bad.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [PROPOSAL] Tomcat 10: Drop APR Connector
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Rémy,
On 11/11/19 14:20, Rémy Maucherat wrote:
> On Mon, Nov 11, 2019 at 7:47 PM Michael Osipov
> <michaelo@apache.org <ma...@apache.org>> wrote:
>
> To revive this, why APR is stil important:
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63916
>
> There is some severe bug making NIO performing very bad.
>
>
> We're making long term plans here, a bug report filed yesterday is
> rather irrelevant.
I tend to agree, especially due to the subsequent resolution of this
problem.
The BIO connector had better performance than NIO, too, with less CPU
usage and yet we still removed it.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3MNsIACgkQHPApP6U8
pFiagA/+MV29Y6W2GTfvAVDrfsv87jlB63BOqPbw7cNtUCA7XEH/iiK9kVSiOuqJ
0s9rBHMo0QtMAHEUixfgHRQFMeoAsEwSyJK4vAF3nN7kBBSq8fL7DGIczNEDmKf1
0p20DFTRGHJBxPptNCJJvSSgYn9MiUAXhiDaPomJ4daL/5dlLincWS7fo+kiP36L
cTglITbILknMyrGsYS9AvYQYEpA2epfJFiWHxDYO3ZgB4MCSazr9nmUky/Pscrir
ew8aBcCm0ArTB65v6729zB3f7UJxNo74FtkbSUtdR28WTvpVAcSVC9eiEFnivXR9
gyO9w9sZYAt0X5jZbV4SA23wnBLx63tWwNm3GNKBV+v2hOZYd5H8cF6iMJ20I/x4
MhqaLnUSQZyu2YvMXtwVAYkGGEnEmUagBU5quII2lSdyH6idsI70I01cxCMd8bEc
/64a81zriaQK20IlAEm6zAClC9dS3s8Qugx0hW+l+Gs73BTLOSzXK6Qm7XGH+uUV
hYMoK31i4lZKsctWKtuV1r9sOSNOSfDc91FjBnkasuXD/YO3K4ZoilYQwWvKpsoH
biLOMeA5PFGSi1ptaaIF/ij6BmHRwYaU75CXd2BCb9lDgGHbYge+8fhgU9Usip1b
8m8WGWtn6W6Cgs4ix4BdYSrvxqJaj37L5F8aZTQZlBoe/boXYzg=
=DCXE
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [PROPOSAL] Tomcat 10: Drop APR Connector
Posted by Rémy Maucherat <re...@apache.org>.
On Mon, Nov 11, 2019 at 7:47 PM Michael Osipov <mi...@apache.org> wrote:
> To revive this, why APR is stil important:
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63916
>
> There is some severe bug making NIO performing very bad.
>
We're making long term plans here, a bug report filed yesterday is rather
irrelevant.
Rémy