[10] RFR : 8186628 : SSL session cache can cause a scalability bottleneck

Ivan Gerasimov ivan.gerasimov at oracle.com
Tue Nov 21 13:16:47 UTC 2017


Thanks Xuelei for the comment!


On 11/20/17 8:50 PM, Xuelei Fan wrote:
> Hi Ivan,
>
> I understand the desire of performance improvement.  But I don't think 
> avoiding the use of cache is the price we want to pay for. Besides, 
> avoiding using of session cache is not something improving the 
> performance in general, it is typically something impacting the 
> performance,  a lot sometimes.
>
The proposal is not meant to be a general solution.
Clearly, turning the session cache off will increase the average time of 
session creation.
However, if the cache becomes the reason of a bottleneck due to high 
contention, then turning it off helps by just shortening the waiting 
time for each thread.

The option is set to true by default, i.e. the cache is used.
Only if the application is used in such a way that high contention for 
the cache is exposed, then the setting the option to false may help to 
improve performance.

With kind regards,
Ivan

> Xuelei
>
> On 11/20/2017 5:36 PM, Ivan Gerasimov wrote:
>> Gentle ping.
>>
>> If people agree on the approach, I'll go ahead and file a CCC request 
>> for the new recognized system property.
>>
>> With kind regards,
>>
>> Ivan
>>
>>
>> On 11/7/17 6:24 PM, Ivan Gerasimov wrote:
>>> Hello everybody!
>>>
>>> The class sun.security.ssl.SSLSessionContextImpl maintains caches 
>>> for the sessions reuse.
>>> Access to the cache from threads is serialized.
>>> It was reported that under heavy load the time of waiting for the 
>>> turn to access the synchronized methods outweighs the time of 
>>> creating a new session.
>>>
>>> It is proposed to introduce a flag that will allow to avoid using 
>>> the cache altogether.
>>> Would you please help review the proposed fix?
>>>
>>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8186628
>>> WEBREV: http://cr.openjdk.java.net/~igerasim/8186628/00/webrev/
>>>
>>
>

-- 
With kind regards,
Ivan Gerasimov




More information about the security-dev mailing list