-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I recently gave a presentation on locking-down Apache Tomcat[1] and I briefly discussed the "sharp edges" present in Tomcat. Some of them are unnecessarily sharp and may be actually unnecessary. I'm going to make a few proposals to remove functions from Tomcat. Proposal: Remove APR connector Justification: The APR connector was once used to provide superior I/O when compared to the only other available I/O mechanism available in Java: blocking I/O. Specifically, the APR connector allowed Tomcat to wait for keepalive requests on a connection to in a non-blocking fashion which was not possible with Java BIO-based connectors. The introduction of NIO into Java back in Java 1.4 (!!) changed things, and NIO support was added to Tomcat in 6.0. Now that it has had time to mature, the NIO connector is superior to the APR connector in several ways: 1. NIO connector allows non-blocking TLS handshakes 2. NIO connector uses less (Tomcat-owned) native code The first item improves performance and availability and the second item improves stability (and thus availability). The last advantage which (until recently) made the APR connector still very useful was the ability to use the OpenSSL cryptographic library for all cryptographic operations which is measurably higher-performance than those typically provided by the JVM. This last advantage no longer exists since we have a JSSE provider available for OpenSSL using libtcnative. Notes: This proposal does not recommend the removal of libtcnative. Only the removal of the APR connector, the APR lifecycle listener, and the associated native code required to support those components. - -chris [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc at -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bTg8ACgkQHPApP6U8 pFghUhAAwXEdrarxE5sgqMbZxswlOrRTQSIGZuh2t9KV8pJG+M8NrRbPMZxL3IX/ UkJA9JGxFGA20D9kn0Xx2eX276tKtW/ZyVhg9vvlKqm8+n+vXLuN/sj15sPw1f64 rCqj/GA+iMPP1AtBwc3E2bxBUI7WYGjgMutobwWOfHrlrw6/D4aNyO/t8XXlh9UT ZcP9Nq0ed4G4I+zx+R//FmEa0Ky2ARUtiyuBhnA+yEFm0XT/iMpgGnl5DHpJ5nOv U9YiTOU/bMXP1ABgCYoPgHPnYADKoEepdhD8x7CZTyUpR4vTr7DXxAABvapwynBo sPb+CFjlQilS8zxNYbGZbCu/mpux88jKYvOrrf5Jjb8YzxAGmmy00VyzuyzApdLs T9eYJazcej8u0he26U+QJi+HCQ+KpdSeMP/kQuw2BorvdD5BkPA22MvqoeIdU1Xs IzS6+69/MwjkTSL3YOlxp/E7HuG/gegGYBgVphVVJVAYh5lyBcY9o5diTIwdbejU yK+3WBbkK9dp8nM0GmKoaUqhLP/XvACG5FohW6P+EHLTjlCy7dPbr7s409coQb/1 JQqur4GABbM47MXSDaXHisXLSLY3RpF6Uo0Fb2AC2AuuAihjNpQ0GmeuLHhoPI7W CycCLjMqLystoj8pNR1pil1FOgI1zOPilylpMX0mV5VuDhPxuFw= =MZ7V -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
