Re: [PROPOSAL] Tomcat 10: Drop APR Connector

Mon, 11 Nov 2019 10:47:47 -0800 

Am 2019-10-09 um 21:40 schrieb Christopher Schultz:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Michael

On 10/9/19 11:40, Michael Osipov wrote:

Am 2019-10-07 um 16:39 schrieb Christopher Schultz:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

All,

I recently gave a presentation on locking-down Apache Tomcat[1]
and I briefly discussed the "sharp edges" present in Tomcat. Some
of them are unnecessarily sharp and may be actually unnecessary.
I'm going to make a few proposals to remove functions from
Tomcat.

Proposal: Remove APR connector

Justification:

The APR connector was once used to provide superior I/O when
compared to the only other available I/O mechanism available in
Java: blocking I/O. Specifically, the APR connector allowed
Tomcat to wait for keepalive requests on a connection to in a
non-blocking fashion which was not possible with Java BIO-based
connectors.

The introduction of NIO into Java back in Java 1.4 (!!) changed
things, and NIO support was added to Tomcat in 6.0. Now that it
has had time to mature, the NIO connector is superior to the APR
connector in several ways:

1. NIO connector allows non-blocking TLS handshakes 2. NIO
connector uses less (Tomcat-owned) native code

The first item improves performance and availability and the
second item improves stability (and thus availability).

The last advantage which (until recently) made the APR connector
still very useful was the ability to use the OpenSSL
cryptographic library for all cryptographic operations which is
measurably higher-performance than those typically provided by
the JVM.

This last advantage no longer exists since we have a JSSE
provider available for OpenSSL using libtcnative.

Notes:

This proposal does not recommend the removal of libtcnative. Only
the removal of the APR connector, the APR lifecycle listener, and
the associated native code required to support those components.


Though, I have no opion for or against. It has worked very well for
me for the last 10+ years on HP-UX for our software.


I'd love to get your feedback on NIO+OpenSSL, then.


To revive this, why APR is stil important:

https://bz.apache.org/bugzilla/show_bug.cgi?id=63916

There is some severe bug making NIO performing very bad.

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to