[10] RFR : 8186628 : SSL session cache can cause a scalability bottleneck
Ivan Gerasimov
ivan.gerasimov at oracle.com
Tue Nov 21 13:16:47 UTC 2017
Thanks Xuelei for the comment!
On 11/20/17 8:50 PM, Xuelei Fan wrote:
> Hi Ivan,
>
> I understand the desire of performance improvement. But I don't think
> avoiding the use of cache is the price we want to pay for. Besides,
> avoiding using of session cache is not something improving the
> performance in general, it is typically something impacting the
> performance, a lot sometimes.
>
The proposal is not meant to be a general solution.
Clearly, turning the session cache off will increase the average time of
session creation.
However, if the cache becomes the reason of a bottleneck due to high
contention, then turning it off helps by just shortening the waiting
time for each thread.
The option is set to true by default, i.e. the cache is used.
Only if the application is used in such a way that high contention for
the cache is exposed, then the setting the option to false may help to
improve performance.
With kind regards,
Ivan
> Xuelei
>
> On 11/20/2017 5:36 PM, Ivan Gerasimov wrote:
>> Gentle ping.
>>
>> If people agree on the approach, I'll go ahead and file a CCC request
>> for the new recognized system property.
>>
>> With kind regards,
>>
>> Ivan
>>
>>
>> On 11/7/17 6:24 PM, Ivan Gerasimov wrote:
>>> Hello everybody!
>>>
>>> The class sun.security.ssl.SSLSessionContextImpl maintains caches
>>> for the sessions reuse.
>>> Access to the cache from threads is serialized.
>>> It was reported that under heavy load the time of waiting for the
>>> turn to access the synchronized methods outweighs the time of
>>> creating a new session.
>>>
>>> It is proposed to introduce a flag that will allow to avoid using
>>> the cache altogether.
>>> Would you please help review the proposed fix?
>>>
>>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8186628
>>> WEBREV: http://cr.openjdk.java.net/~igerasim/8186628/00/webrev/
>>>
>>
>
--
With kind regards,
Ivan Gerasimov
More information about the security-dev
mailing list