RFR: 8065994: HTTP Tunnel connection to NTLM proxy reauthenticates instead of using keep-alive

Chris Hegarty chris.hegarty at oracle.com
Fri Jan 23 15:00:45 UTC 2015


Looks good to me Sean.

Good to see additional logging in this area.

-Chris.

On 22/01/15 15:21, Seán Coffey wrote:
> Looking for a review around this issue that came in as a reported
> performance regression in NTLM proxy authentication. It turned out that
> HttpsClients were being discarded after Proxy SocketAddress equality
> tests failed. Lack of caching is expensive in terms for performance for
> TLS and needless handshakes. The 2nd round of NTLM authentication was
> passing in a Proxy which had a resolved SocketAddress. The previous
> Proxy creation for the same connection (via DefaultProxySelector)
> constructs Proxy using unresolved socketAddress.  Proposed fix is to
> compare like with like and have Proxy construct with unresolved Address.
>
> I captured more details in bug report. I'm also using this opportunity
> to adding some extra logging to the HttpsClient class and to correct a
> bad null versus NO_PROXY test that existed (line 339)
>
> bug report : https://bugs.openjdk.java.net/browse/JDK-8065994
> webrev : http://cr.openjdk.java.net/~coffeys/webrev.8065994/webrev/
>
> regards,
> Sean.


More information about the security-dev mailing list