Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Unresolved
Priority: P3
Fix Version/s: None
Affects Version/s: None
Component/s: security-libs
Labels:
- tencent-interest

Subcomponent:
javax.net.ssl

If JMH test java/security/SSLHandshake.java uses PKCS12 keystore and PKIX KeyManagerFactory, the throughputs on TLS full handshake are much slower.

1. KeyStore: JKS, KeyManagerFactory: SunX509
Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units
SSLHandshake.doHandshake true TLSv1.2 thrpt 15 6950.013 ? 704.233 ops/s
SSLHandshake.doHandshake true TLS thrpt 15 862.246 ? 35.570 ops/s
SSLHandshake.doHandshake false TLSv1.2 thrpt 15 576.458 ? 17.235 ops/s
SSLHandshake.doHandshake false TLS thrpt 15 502.704 ? 14.180 ops/s

2. KeyStore: PKCS12, KeyManagerFactory: PKIX
Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units
SSLHandshake.doHandshake true TLSv1.2 thrpt 15 8759.169 ? 332.370 ops/s
SSLHandshake.doHandshake true TLS thrpt 15 864.751 ? 30.114 ops/s
SSLHandshake.doHandshake false TLSv1.2 thrpt 15 96.037 ? 4.704 ops/s
SSLHandshake.doHandshake false TLS thrpt 15 92.632 ? 3.235 ops/s

The combination FullHandshake+JKS+SunX509 is 4+ times faster than the combination FullHandshake+PKCS12+PKIX.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

flame-cpu-forward.html
199 kB
2024-03-28 02:42

relates to

JDK-8327461 KeyStore getEntry is not thread-safe

Resolved

JDK-8272875 Change the default key manager to PKIX

Open

JDK-8322766 Micro bench SSLHandshake should use default algorithms

Resolved

links to

Review openjdk/jdk/17956

Assignee:: Haimay Chao

Reporter:: John Jiang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023-12-28 22:27

Updated:: 2024-05-01 10:59

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates