ssl java implemntation blocking?
61 views
Skip to first unread message
ad...@cs.miami.edu
Jul 11, 2016, 11:30:02 AM7/11/16
to vert.x
Hi,
Quick question: When using the standard java implementation of ssl, does the extra ssl cpu computation block any important Vertx threads? Is the ssl cpu computation done in parallel among many requests in several threads, or is the ssl computation only done in one thread and then done in serial?
Thanks,
-Adam
Quick question: When using the standard java implementation of ssl, does the extra ssl cpu computation block any important Vertx threads? Is the ssl cpu computation done in parallel among many requests in several threads, or is the ssl computation only done in one thread and then done in serial?
Thanks,
-Adam
creativedotit
Jul 11, 2016, 6:12:59 PM7/11/16
to vert.x
Maybe it blocks, i cannot answer this, but it's well known that it is slower than openssl (10MB/s vs 200MB/s i read somewhere in the vert.x docs) so tncnative is the way for now
ad...@cs.miami.edu
Jun 25, 2017, 1:20:50 AM6/25/17
to vert.x
I asked this question a while back, but the thread kind of died out. So I thought I would bump it.
The question is: for the java implementation of SSL, on what thread does the encrypt/decrypt computation occur? Is it on the event loop (if so, would this be considered blocking) or does it occur on another thread.
thanks,
-Adam
Tim Fox
Jun 25, 2017, 6:27:20 AM6/25/17
to vert.x
By "blocks" I assume you mean "takes a long time" rather than actually blocking the thread (e.g. on IO)?
AFAIK the encryption is done in chunks so shouldn't block anything.
(IIRC, there is/was an issue when running SSL in debug mode, a global mutex comes into play and kills performance)
ad...@cs.miami.edu
Jun 26, 2017, 4:13:55 AM6/26/17
to vert.x
>> By "blocks" I assume you mean "takes a long time"
exactly!
>> AFAIK the encryption is done in chunks so shouldn't block anything.
Is there anyway to do the entire encryption on a worker thread at once, as opposed to in chuncks on the io threads? In the case that the entire response is known, maybe it could be passed through an executeBlocking function, and then the the response.end() would send the encrypted response directly?
>>there is/was an issue when running SSL in debug mode
Is this problem only if vert.x uses "debug mode" (not even sure what that is), or do you mean that wehn running in a debugger the cause of the problem became apparent.
-Adam
Tim Fox
Jun 26, 2017, 4:20:29 AM6/26/17
to vert.x
>> By "blocks" I assume you mean "takes a long time"
exactly!>> AFAIK the encryption is done in chunks so shouldn't block anything.Is there anyway to do the entire encryption on a worker thread at once, as opposed to in chuncks on the io threads? In the case that the entire response is known, maybe it could be passed through an executeBlocking function, and then the the response.end() would send the encrypted response directly?
It's not something Vert.x has control over, and I don't see what benefit that would provide tbh.
>>there is/was an issue when running SSL in debug modeIs this problem only if vert.x uses "debug mode" (not even sure what that is), or do you mean that wehn running in a debugger the cause of the problem became apparent.
JDK SSL debug mode, nothing to do with Vert.x.
It's recommended though to use openssl impl not the JDK impl:
Reply all
Reply to author
Forward
0 new messages