Making JSSE.client only create default SSLContext once #73

Merged
merged 2 commits into from Mar 16, 2012

Contributor
tootedom commented Mar 9, 2012

Currently when tls(hostname) is called the SSLContext for the default jsse
truststore (cacerts) is created on a per request basis. This seems like overhead,
as a new SSLContext means that cacerts is reread, and a SecureRandom is created
for each ssl (https) call.

Therefore, I've made a change so that only the first call to JSSE.client()
creates the SSLContext; all subsequent calls just create the SSLEngine from
that precreated default SSLContext.

@tootedom tootedom
when tls(hostname) is called the SSLContext for the default jsse
truststore (cacerts) is created on each request. This seems like overhead,
as it means a new SSLContext, and cacerts and a SecureRandom are created
for each ssl (https) call.

Therefore, change it so that only the first call to JSSE.client()
creates the SSLContext, subsequent calls just create the SSLEngine from
that precreated SSLContext.
ca6e142
@mariusae mariusae commented on an outdated diff Mar 13, 2012
...ore/src/main/scala/com/twitter/finagle/ssl/JSSE.scala
@@ -13,6 +13,9 @@ object JSSE {
private[this] val log = Logger.getLogger(getClass.getName)
private[this] val contextCache: MutableMap[String, SSLContext] = MutableMap.empty
private[this] val protocol = "TLS"
+ private[this] lazy val defaultSSLContext : SSLContext = { val ctx = SSLContext.getInstance(protocol)
+ ctx.init(null, null, null)
+ ctx }
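Review bot: the `ctx.init(null, null, null)` call in the added `defaultSSLContext` block needs a comment saying what the three nulls select: the JVM's default key managers, the default trust managers (the cacerts trust store the description refers to) and the default SecureRandom. Because the value is a `lazy val`, that trust store is now loaded once per process and shared by every engine built from this context, so a change to the trust store after the first call is only picked up on restart; state that next to the definition so callers do not expect per-request reloading. Style: drop the space before the colon in `defaultSSLContext : SSLContext`.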
mariusae Mar 13, 2012 Contributor

fix the weird indentation: prefer

.. val defaultSSLContext: SSLContext = {
  val ctx = ...
  ctx.init(..)
  ctx
}
Contributor

Hi there,

Sorry about the formatting, does 2d51c0b look any better?

Cheers
/dom

@mariusae mariusae merged commit c94a3c8 into twitter:master Mar 16, 2012
Contributor

Thanks!
