Java SSLSocketChannel/SSLSelector?

Dean Hiller dhiller at twitter.com
Tue Feb 19 16:17:49 UTC 2019


>
> I am beginning to think we might be on different pages here. Someone from
> outside the selector calls selector.select(), and all selector's
> functionality is handled within the context of the calling thread. So where
> is the need for the extra thread here? More specifically, in the
> SSLSelector case, a call to its select, ends up usually to a call to its
> inner selector.select(), always in the context of the calling thread ... so
> same thing again. Why do you think another thread is necessary here (within
> the selector itself)?
>

That implies multiple threads using 1 selector.  That can be very dangerous
and prone to bugs.  Even with SSL, I would shy away from making something
like that unless putting it behind some library/abstraction like netty,
webpieces channelmanager or something.

In fact, the performance of 1 thread that runs the selector who dishes the
work to a threadpool immediately (N sockets to X threads) has been
amazing!!!  *It was even better than multiple threads on a selector we
found.* This was because that caused lots of contention with locks(slowing
it down).  The contention depended on the application as some apps had more
contention than others.  I would highly advise just sticking 1 thread on
the selector dishing out to a thread pool which removed all contention to
streamline the whole process for speed.

THEN, if you do have a threadpool and an simple implementation that runs
the data serially per socket in the threadpool(this is quite easy to do),
you can do the decryption in the threadpool as well.  webpieces impl does
this as well.

just my 2 cents,
later,

Dean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20190219/75b4fe6c/attachment.html>


More information about the security-dev mailing list