I'm using servlets 3 with jetty 8.1.1 and the SslContextFactory on an amazon ec2 machine (m1-small).

  • The first HTTPS request from localhost (of the amazon machine) takes about 150ms and further requests seem to get faster (down to ~40ms) but not close to the HTTP response time of only 20ms - why? Is encryption really that slow?

  • Also when comparing HTTPS and HTTP from outside of the amazon cloud the difference gets even worse: HTTPS requests are at least 400ms slower!? How can that be? Is the encrypted content also bigger? And how can I debug it or make it all faster?

Some more information: all 'measurements' are unscientifically done via time curl http://mydomain.com/ping but are reproducible. Also there is an ec2 load balancer in between. I'm sure I've configured something wrong or there is a big misunderstanding on my part. Let me know!

Karussell

2 Answers

  • update to 8.1.7
  • check the time from localhost on the aws machine for reference
  • check using the IP vs DNS, quite often those sorts of long pauses involve dns issues
  • set your /etc/hosts to bypass a DNS lookup for the host as a test as well
  • -Dorg.eclipse.jetty.LEVEL=DEBUG on the server side to enable debug, should help you correlate the roundtrip inside of jetty and compare to actual network results
  • ssl decryption does incur some performance hit, hard to say that that would be all of your differences here though
  • odds are this is not specific to jetty but something in the environment, which hopefully some bullet above will help steer you in the right direction
jesse mcconnell
  • Thanks, I'll investigate and report back! – Karussell Oct 25 '12 at 08:02
  • hmmh when using the IP - how can I avoid the error: certificate subject name '*.domain.com' does not match target host name '' ? Please see also my question update that the first bullet is already from an amazon machine. And what do you mean with the 4th point about the /etc/hosts and how would I do that? – Karussell Oct 29 '12 at 09:45
  • when looking at the debug messages I get responses within 30-40ms starting with DBUG:oejs.Server:REQUEST /api on AsyncHttpConnection ending with DBUG:oejs.Server:RESPONSE /api 200 ... what does all the SSL NOT_HANDSHAKING mean? – Karussell Oct 29 '12 at 10:19
  • puh and upgrading to 8.1.7 didn't help – Karussell Oct 29 '12 at 10:41
  • Important question: Are ssl sessions enabled? If not, is allowRenegotiate=true the correct parameter to enable it? – Karussell Oct 31 '12 at 11:18
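
Added example (not part of the original answer and not Jetty's own tooling): a shell helper that uses curl's --write-out timers to split one request into DNS, TCP connect, TLS handshake and server time, which is the comparison the DNS and SSL bullets above point at. The sample timing lines are constructed, and 203.0.113.10 is a placeholder address; --resolve pins the IP while keeping the hostname, so certificate name checking still passes.

```shell
#!/usr/bin/env bash
# Added example: break request latency into DNS / TCP / TLS / server phases.

# curl --write-out format. Every timer is cumulative seconds since the start.
CURL_FMT='dns=%{time_namelookup} tcp=%{time_connect} tls=%{time_appconnect} ttfb=%{time_starttransfer} total=%{time_total}\n'

# measure URL [extra curl args...]: prints one timing line for one request.
measure() {
  url=$1; shift
  curl -s -o /dev/null -w "$CURL_FMT" "$@" "$url"
}

# phases: reads timing lines on stdin, prints per-phase milliseconds.
# time_appconnect is 0 for plain HTTP, so the TLS phase is reported as 0.
phases() {
  awk '{
    for (i = 1; i <= NF; i++) { split($i, kv, "="); t[kv[1]] = kv[2] * 1000 }
    tls = (t["tls"] > 0) ? t["tls"] - t["tcp"] : 0
    pre = (t["tls"] > 0) ? t["tls"] : t["tcp"]
    printf "dns=%.0f tcp=%.0f tls=%.0f server=%.0f total=%.0f\n",
      t["dns"], t["tcp"] - t["dns"], tls, t["ttfb"] - pre, t["total"]
  }'
}

# Constructed sample lines (not measurements from the question):
# first a plain HTTP request, then an HTTPS request to the same host.
SAMPLE='dns=0.004 tcp=0.024 tls=0.000 ttfb=0.045 total=0.046
dns=0.004 tcp=0.024 tls=0.424 ttfb=0.445 total=0.446'
printf '%s\n' "$SAMPLE" | phases

# Live usage (needs network, so it is left commented out):
#   measure http://mydomain.com/ping  | phases
#   measure https://mydomain.com/ping | phases
# Bypass DNS without a certificate name mismatch (placeholder IP):
#   measure https://mydomain.com/ping --resolve mydomain.com:443:203.0.113.10 | phases
```

A large dns value points at name resolution, a large tls value at the handshake (full handshakes on every request suggest sessions are not being reused), and a large server value at the application or the load balancer behind it.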
I need to find out how to enable SSL sessions. For this I've created a new question as it is unclear how to turn it on in jetty and how to handle it on the client side.

Community
Karussell