Rémy, On 5/18/15 11:46 AM, Rémy Maucherat wrote: > Early performance results show the NIO(2) connector with SSL being > equivalent or maybe even slightly faster than the APR connector, with JSSE > very far behind. With SSL being nearly mandatory in the new protocols, SSL > performance becomes a very important factor.
Jean-Frederic has no doubt shared with you his investigations into (non-) accelerated crypto in the JVM due to various bugs. It will be interesting to see what kind of performance improvement JSSE gets when the JVM can finally stop doing all that crypto in Java-land. If the performance is comparable, I'd say that sticking with the vendor-supported JSSE crypto is a better bet: less code to maintain, fewer code paths to test for all configurations, etc. But this is still a very interesting project nonetheless. It's entirely possible that nobody at Oracle/OpenJDK/etc. cares about hardware-accelerated crypto, and it might not come along any time soon. In that case, Tomcat does really need a TLS solution with decent performance. -chris
signature.asc
Description: OpenPGP digital signature
