Performance degradation in SslContextBuilder.build() on Java 11 for mTLS connections
See original GitHub issueExpected behavior
When we build an SslContext for a Client using SslContextBuilder, no matter the parameters we set for the builder, running it on Java 11 takes 2x or 3x more time than on Java 8.
An average of 30 runs of the below code on Java 8 shows an average of 500 ms, when the same is run on JDK11, it takes up to 1500 ms.
Actual behavior
Ideally Java 11 and Java 8 performance should be similar.
Minimal yet complete reproducer code (or URL to code)
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
.trustManager(rootCACert)
.ciphers(null)
.sessionCacheSize(0)
.sessionTimeout(0)
.sslProvider(SslProvider.OPENSSL) // or SslProvider.JDK, doesn't matter
.clientAuth(ClientAuth.REQUIRE);
sslContextBuilder.build();
Netty version
4.1.50.Final, 4.1.64.Final
JVM version (e.g. java -version
)
openjdk1.8.0_172, openjdk_11.0.8_11.41.54
OS version (e.g. uname -a
)
MacOS 19.6.0 Darwin Kernel
Issue Analytics
- State:
- Created 2 years ago
- Comments:21 (18 by maintainers)
Top Results From Across the Web
TLS performance degradation when using Java 11 · Issue #856
Significant TLS performance degradation after switching to AdoptOpenJDK 11 or above. Checked on Debian and Mac.
Read more >Learn how to apply TLS to Spring RSocket - VMware Tanzu
SSL/TLS Certificates allow a server to join the chain-of-trust with other entities ... endpoint that lets us exercise the TLS connectivity through RSocket....
Read more >Java 11 SSLHandshakeException with TLS 1.3 - Stack Overflow
Neardupe Java 11 HTTPS connection fails with SSL HandshakeException while using Jsoup but I have some to add. Use Connection.
Read more >Reactor Netty Reference Guide
Reactor Netty provides an easy to use and configure TcpServer . It hides most of the Netty functionality that is needed to create...
Read more >OIDC Client with Mutual TLS Client Authentication | foojay
Learn how to set up an OpenID Connect (OIDC) client with Spring Security using mutual TLS as a method for authenticating the client....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Well, this one fell off my radar. I will get back by this weekend with some updates.
Anyone did investigate this yet ?