JDK-4989229 : Reload cert stores in HTTPS and signing verification cause slow performance
  • Type: Bug
  • Component: deploy
  • Sub-Component: deployment_toolkit
  • Affected Version: 1.4.2_03,5.0
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_8,windows_xp
  • CPU: x86,sparc
  • Submitted: 2004-02-05
  • Updated: 2004-03-30
  • Resolved: 2004-02-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.2_05 05Fixed
Related Reports
Duplicate :  
JDK-4992078 - JPI loads CA root certificate multiple times
Description
If HTTPS is used in the apps, plugin and webstart attempts to reload every certificate stores to ensure the certificates are up-to-date for every new connection. However, some of the certificates stores take a lot of time to load and they seldom change, e.g. cacerts. As a result, it causes overhead (usually over 1 second) for every HTTPS connection used in the app. It has significant impact to app startup time if the app is loaded through HTTPS.

If signing is used in the apps, plugin and webstart also attempts to reload every certificate stores to ensure the certificates are up-to-date for signing verification. However, it causes unnecessary overhead for every signed jar used in the app. It also has significant impact to app startup time if the app is composed of many signed jars.

This problem is reported by several customers against J2SE v1.4.2 and v1.5 with MS VM; customers reported their apps are obviously slower when making HTTPS connection in Sun VM compared to MS VM.

To optimize the performance, either root CA cert store should not be reloaded within the session, or the cert store should be reloaded only if it has been changed since the last access.

###@###.### 2004-02-05
###@###.### 2004-02-05
Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.4.2_05 generic tiger-beta2 FIXED IN: 1.4.2_05 tiger-beta2 INTEGRATED IN: 1.4.2_05 tiger-b40 tiger-beta2
14-06-2004
SUGGESTED FIX http://javaweb.sfbay/~ngthomas/webrevs/4989229/webrev/ ###@###.### 2004-02-12
12-02-2004
EVALUATION Committed to fix in Tiger beta 2. ###@###.### 2004-02-05
05-02-2004