On Mon, Oct 7, 2019 at 10:39 AM Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > All, > > I recently gave a presentation on locking-down Apache Tomcat[1] and I > briefly discussed the "sharp edges" present in Tomcat. Some of them > are unnecessarily sharp and may be actually unnecessary. I'm going to > make a few proposals to remove functions from Tomcat. > > Proposal: Remove APR connector > I'm +1 for this > > Justification: > > The APR connector was once used to provide superior I/O when compared > to the only other available I/O mechanism available in Java: blocking > I/O. Specifically, the APR connector allowed Tomcat to wait for > keepalive requests on a connection to in a non-blocking fashion which > was not possible with Java BIO-based connectors. > > The introduction of NIO into Java back in Java 1.4 (!!) changed > things, and NIO support was added to Tomcat in 6.0. Now that it has > had time to mature, the NIO connector is superior to the APR connector > in several ways: > > 1. NIO connector allows non-blocking TLS handshakes > 2. NIO connector uses less (Tomcat-owned) native code > > The first item improves performance and availability and the second > item improves stability (and thus availability). > > The last advantage which (until recently) made the APR connector still > very useful was the ability to use the OpenSSL cryptographic library > for all cryptographic operations which is measurably > higher-performance than those typically provided by the JVM. > > This last advantage no longer exists since we have a JSSE provider > available for OpenSSL using libtcnative. > > Notes: > > This proposal does not recommend the removal of libtcnative. Only the > removal of the APR connector, the APR lifecycle listener, and the > associated native code required to support those components. > > - -chris > > > [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc > at > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bTg8ACgkQHPApP6U8 > pFghUhAAwXEdrarxE5sgqMbZxswlOrRTQSIGZuh2t9KV8pJG+M8NrRbPMZxL3IX/ > UkJA9JGxFGA20D9kn0Xx2eX276tKtW/ZyVhg9vvlKqm8+n+vXLuN/sj15sPw1f64 > rCqj/GA+iMPP1AtBwc3E2bxBUI7WYGjgMutobwWOfHrlrw6/D4aNyO/t8XXlh9UT > ZcP9Nq0ed4G4I+zx+R//FmEa0Ky2ARUtiyuBhnA+yEFm0XT/iMpgGnl5DHpJ5nOv > U9YiTOU/bMXP1ABgCYoPgHPnYADKoEepdhD8x7CZTyUpR4vTr7DXxAABvapwynBo > sPb+CFjlQilS8zxNYbGZbCu/mpux88jKYvOrrf5Jjb8YzxAGmmy00VyzuyzApdLs > T9eYJazcej8u0he26U+QJi+HCQ+KpdSeMP/kQuw2BorvdD5BkPA22MvqoeIdU1Xs > IzS6+69/MwjkTSL3YOlxp/E7HuG/gegGYBgVphVVJVAYh5lyBcY9o5diTIwdbejU > yK+3WBbkK9dp8nM0GmKoaUqhLP/XvACG5FohW6P+EHLTjlCy7dPbr7s409coQb/1 > JQqur4GABbM47MXSDaXHisXLSLY3RpF6Uo0Fb2AC2AuuAihjNpQ0GmeuLHhoPI7W > CycCLjMqLystoj8pNR1pil1FOgI1zOPilylpMX0mV5VuDhPxuFw= > =MZ7V > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
