On 07.10.2019 at 16:39, Christopher Schultz wrote:
All,

I recently gave a presentation on locking-down Apache Tomcat[1] and I
briefly discussed the "sharp edges" present in Tomcat. Some of them
are unnecessarily sharp and may be actually unnecessary. I'm going to
make a few proposals to remove functions from Tomcat.

Proposal: Remove APR connector

+1 and +1 to the additional comments by Mark and Remy

Justification:

The APR connector was once used to provide superior I/O when compared
to the only other available I/O mechanism available in Java: blocking
I/O. Specifically, the APR connector allowed Tomcat to wait for
keepalive requests on a connection in a non-blocking fashion which
was not possible with Java BIO-based connectors.

The introduction of NIO into Java back in Java 1.4 (!!) changed
things, and NIO support was added to Tomcat in 6.0. Now that it has
had time to mature, the NIO connector is superior to the APR connector
in several ways:

1. NIO connector allows non-blocking TLS handshakes
2. NIO connector uses less (Tomcat-owned) native code

The first item improves performance and availability and the second
item improves stability (and thus availability).

The last advantage which (until recently) made the APR connector still
very useful was the ability to use the OpenSSL cryptographic library
for all cryptographic operations which is measurably
higher-performance than those typically provided by the JVM.

This last advantage no longer exists since we have a JSSE provider
available for OpenSSL using libtcnative.

Notes:

This proposal does not recommend the removal of libtcnative. Only the
removal of the APR connector, the APR lifecycle listener, and the
associated native code required to support those components.

-chris
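
The connector change discussed in the justification above, as an added example that is not part of the original mail or the Tomcat project's own configuration. It assumes the Tomcat 8.5+ `server.xml` syntax and an installed libtcnative; the port number and certificate paths are placeholders.

```xml
<!-- Added example. The two connectors are alternatives: only one of them
     can be bound to the same port in a real server.xml. -->

<!-- Before: APR connector, the component the proposal would remove.
     Socket I/O and TLS both run in Tomcat-owned native code. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true">
  <SSLHostConfig>
    <!-- Placeholder paths (assumption) -->
    <Certificate certificateKeyFile="conf/example-key.pem"
                 certificateFile="conf/example-cert.pem"
                 type="RSA" />
  </SSLHostConfig>
</Connector>

<!-- After: NIO connector. Socket I/O is handled by Java NIO, while
     cryptographic operations still go to OpenSSL through the JSSE
     implementation backed by libtcnative. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
           SSLEnabled="true">
  <SSLHostConfig>
    <!-- Same placeholder certificate files as above -->
    <Certificate certificateKeyFile="conf/example-key.pem"
                 certificateFile="conf/example-cert.pem"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

Naming the protocol class explicitly, rather than relying on `protocol="HTTP/1.1"` auto-selection, makes it visible in review which connector implementation a deployment actually runs.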
