RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v3]
Bernd
duke at openjdk.org
Thu Apr 24 19:47:09 UTC 2025
On Wed, 27 Mar 2024 09:18:06 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Well this PR doesn't introduce new bugs, but it exacerbates a preexisting one.
while it might be out of scope, but the trouble of caching keystores might also suggest that a better API support would be helpful. Be it a change callback or a per entry cache or similar. Anything which makes long term usage of keystores or key managers less tricky.
BTW I agree the performance regression is a bitter pill. Especially if you look at real world scenarios where the key(store) password is most of the time a pro forms cleartext parameter next to the P12 file anyway making the protection not even useful.
Gruß
Bernd
-------------
PR Comment: https://git.openjdk.org/jdk/pull/17956#issuecomment-2828686759
More information about the security-dev
mailing list