[10] RFR : 8186628 : SSL session cache can cause a scalability bottleneck

Peter Levart peter.levart at gmail.com
Wed Nov 22 09:45:28 UTC 2017

Hi Ivan,

Here's my attempt to increase multithreaded scalability of Cache:


Haven't tested this yet, but I thought that since you already have 
relevant performance tests, you might want to try this, so I decided to 
release it as is.

Rough sketch of changes:
- replaced LinkedHashMap with ConcurrentHashMap
- CacheEntry(s) are additionaly linked into a double-linked list. 
DL-list management is the only synchronization point (similar to Cleaner 
API) and the rule is: 1st new entry is linked into DL-list, then it is 
put into map - published. The same with removing: 1st an entry is 
unlinked from DL-list, then if successfull, removed from map and 
- changed the way expiry is handled so that the whole list is never 
needed to be scanned.

The code speaks for itself.

Let me know if you find it usefull and/or it solves the scalability 

Regards, Peter

On 11/21/17 14:16, Ivan Gerasimov wrote:
> Thanks Xuelei for the comment!
> On 11/20/17 8:50 PM, Xuelei Fan wrote:
>> Hi Ivan,
>> I understand the desire of performance improvement.  But I don't 
>> think avoiding the use of cache is the price we want to pay for. 
>> Besides, avoiding using of session cache is not something improving 
>> the performance in general, it is typically something impacting the 
>> performance,  a lot sometimes.
> The proposal is not meant to be a general solution.
> Clearly, turning the session cache off will increase the average time 
> of session creation.
> However, if the cache becomes the reason of a bottleneck due to high 
> contention, then turning it off helps by just shortening the waiting 
> time for each thread.
> The option is set to true by default, i.e. the cache is used.
> Only if the application is used in such a way that high contention for 
> the cache is exposed, then the setting the option to false may help to 
> improve performance.
> With kind regards,
> Ivan
>> Xuelei
>> On 11/20/2017 5:36 PM, Ivan Gerasimov wrote:
>>> Gentle ping.
>>> If people agree on the approach, I'll go ahead and file a CCC 
>>> request for the new recognized system property.
>>> With kind regards,
>>> Ivan
>>> On 11/7/17 6:24 PM, Ivan Gerasimov wrote:
>>>> Hello everybody!
>>>> The class sun.security.ssl.SSLSessionContextImpl maintains caches 
>>>> for the sessions reuse.
>>>> Access to the cache from threads is serialized.
>>>> It was reported that under heavy load the time of waiting for the 
>>>> turn to access the synchronized methods outweighs the time of 
>>>> creating a new session.
>>>> It is proposed to introduce a flag that will allow to avoid using 
>>>> the cache altogether.
>>>> Would you please help review the proposed fix?
>>>> BUGURL: https://bugs.openjdk.java.net/browse/JDK-8186628
>>>> WEBREV: http://cr.openjdk.java.net/~igerasim/8186628/00/webrev/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20171122/5e1a9b2d/attachment.html>

More information about the security-dev mailing list