Code Review Request JDK-8129988 JSSE should create a single instance of the cacerts KeyStore
Xuelei Fan
xuelei.fan at oracle.com
Sun Nov 27 00:46:36 UTC 2016
Hi,
Please review the performance enhancement update:
http://cr.openjdk.java.net/~xuelei/8129988/webrev.00/
In SunJSSE provider, there are two ways to use the default trust store
(lib/security/cacerts), using the default SSLContext instance or using
the default trust manager.
The default SSLContext holds a strong reference to a collection of
trusted certificates in cacerts in static mode. The default trust
manager reads the cacerts file and creates a KeyStore and parses the
certificates each time.
With the growth of cacerts, the loading and cache of trusted certificate
is not performance friendly.
In this fix, I'm trying to find a balance between CPU and memory: reuse
the loaded trusted certificates if possible and release the unused
trusted certificates if necessary.
Thanks,
Xuelei
More information about the security-dev
mailing list