[JBoss JIRA] Created: (JBWS-3202) JBossWS does not reuse SSL connections

[JBoss JIRA] Created: (JBWS-3204)...

[JBoss JIRA] Created: (JBWS-3203)...

Mustafa Musaji (JIRA)

Friday, 21 January 2011 Fri, 21 Jan '11

6:13 p.m.

JBossWS does not reuse SSL connections -------------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request. -- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Show replies by date

Mustafa Musaji (JIRA)

Friday, 21 January Fri, 21 Jan

6:15 p.m.

New subject: [JBoss JIRA] Issue Comment Edited: (JBWS-3202) JBossWS does not reuse SSL connections

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Mustafa Musaji edited comment on JBWS-3202 at 1/21/11 12:15 PM: ---------------------------------------------------------------- Attached the files needed to replicate this issue was (Author: mmusaji): The files needed to replicate this issue

...

JBossWS does not reuse SSL connections -------------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Mustafa Musaji (JIRA)

6:15 p.m.

New subject: [JBoss JIRA] Updated: (JBWS-3202) JBossWS does not reuse SSL connections

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Mustafa Musaji updated JBWS-3202: --------------------------------- Attachment: example.zip The files needed to replicate this issue

...

JBossWS does not reuse SSL connections -------------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Mustafa Musaji (JIRA)

6:25 p.m.

New subject: [JBoss JIRA] Updated: (JBWS-3202) JBossWS does not reuse SSL sessions

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Mustafa Musaji updated JBWS-3202: --------------------------------- Summary: JBossWS does not reuse SSL sessions (was: JBossWS does not reuse SSL connections)

...

JBossWS does not reuse SSL sessions ----------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Richard Opalka (JIRA)

Monday, 24 January Mon, 24 Jan

3:46 p.m.

New subject: [JBoss JIRA] Issue Comment Edited: (JBWS-3202) JBossWS does not reuse SSL sessions

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Richard Opalka edited comment on JBWS-3202 at 1/24/11 9:45 AM: --------------------------------------------------------------- Remoting transport have been removed years ago from JBossWS trunk (community). We're using JBoss Netty nowadays. Regarding this issue (after exhaustive debugging) here's my conclusion: There's no way to reuse SSL connections when using remoting API. I first thought we're using remoting API in wrong way but this wasn't the case. We're using remoting the following way: HTTPRemotingConnection.invoke() { ... org.jboss.remoting.Client client = new Client(locator, "jbossws", clientConfig); client.connect(); client.setMarshaller(marshaller); client.setUnMarshaller(unmarshaller); Object resMessage = client.invoke(reqMessage, metadata); // MicroRemoteClientInvoker.invoke() { // ... // String sessionId = invocationReq.getSessionId(); // returnValue = transport(sessionId, payload, metadata, marshaller, unmarshaller); // HTTPClientInvoker.transport() { // ... // final HttpURLConnection conn = createURLConnection(validatedUrl, metadata); // HTTPSClientInvoker.createURLConnection() { // HttpURLConnection conn = super.createURLConnection(url, metadata); // HTTPClientInvoker.createURLConnection() { // ... // return new URL(url).openConnection(); // ... // } // ... // HttpsURLConnection sconn = (HttpsURLConnection) conn; // sconn.setSSLSocketFactory(sslSocketFactory); // setHostnameVerifier(sconn, metadata); // ... // } // ... // OutputStream stream = getOutputStream(conn); // marshaller.write(invocation, stream); // ... // InputStream is = (responseCode < 400) ? conn.getInputStream() : conn.getErrorStream(); // result = unmarshaller.read(is, map); // ... // // Here leaks conn object - known issue // } // ... // } client.disconnect(); ... return resMessage; } In short we're doing whole this procedure on each invocation. I first thought that reusing remoting Client (pooling) could solve this problem. But after investigation of remoting code base remoting is always calling new URL(targetURL).openConnection() and there's no way to reuse this created connection outside of remoting. I copied/pasted relevant bits of remoting code base above (in form of comments) so you can see what's happening inside of remoting2. was (Author: richard.opalka(a)jboss.com): Remoting transport have been removed years ago from JBossWS trunk (community). We're using JBoss Netty nowadays. Regarding this issue (after exhaustive debugging) here's my conclusion: There's no way to reuse SSL connections when using remoting API. I first thought we're using remoting API in wrong way but this wasn't the case. We're using remoting the following way: HTTPRemotingConnection.invoke() { ... org.jboss.remoting.Client client = new Client(locator, "jbossws", clientConfig); client.connect(); client.setMarshaller(marshaller); client.setUnMarshaller(unmarshaller); Object resMessage = client.invoke(reqMessage, metadata); // MicroRemoteClientInvoker.invoke() { // ... // String sessionId = invocationReq.getSessionId(); // returnValue = transport(sessionId, payload, metadata, marshaller, unmarshaller); // HTTPClientInvoker.transport() { // ... // final HttpURLConnection conn = createURLConnection(validatedUrl, metadata); // HTTPSClientInvoker.createURLConnection() { // HttpURLConnection conn = super.createURLConnection(url, metadata); // HTTPClientInvoker.createURLConnection() { // ... // return new URL(url).openConnection(); // ... // } // ... // HttpsURLConnection sconn = (HttpsURLConnection) conn; // sconn.setSSLSocketFactory(sslSocketFactory); // setHostnameVerifier(sconn, metadata); // ... // } // ... // OutputStream stream = getOutputStream(conn); // generates SSL handshake // marshaller.write(invocation, stream); // ... // InputStream is = (responseCode < 400) ? conn.getInputStream() : conn.getErrorStream(); // result = unmarshaller.read(is, map); // ... // // Here leaks conn object - known issue // } // ... // } client.disconnect(); ... return resMessage; } In short we're doing whole this procedure on each invocation. I first thought that reusing remoting Client (pooling) could solve this problem. But after investigation of remoting code base remoting is always calling new URL(targetURL).openConnection() and there's no way to reuse this created connection outside of remoting. I copied/pasted relevant bits of remoting code base above (in form of comments) so you can see what's happening inside of remoting2.

...

JBossWS does not reuse SSL sessions ----------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Assignee: Richard Opalka Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Sven-Erik Ceedigh (JIRA)

4:37 p.m.

New subject: [JBoss JIRA] Commented: (JBWS-3202) JBossWS does not reuse SSL sessions

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Sven-Erik Ceedigh commented on JBWS-3202: ----------------------------------------- If this is a problem with JBoss Remoting and not JBossWS, shouldn't you create a new JIRA for JBoss Remoting before rejecting this JIRA and treating it as Resolved?? As a paying support customer using EAP 5.0.0 in production, we are concerned about this problem being fixed in EAP 5.0.0 and not interested in whether or not the fix should be in JBossWS or JBoss Remoting. Switching to JBossWS-CXF in order to make this work also sounds like we are not getting full value from our support contract.

...

JBossWS does not reuse SSL sessions ----------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Assignee: Richard Opalka Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Alessio Soldano (JIRA)

4:47 p.m.

New subject: [JBoss JIRA] Commented: (JBWS-3202) JBossWS does not reuse SSL sessions

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on JBWS-3202: ---------------------------------------

...

From a JBossWS community project point of view Richard is correct in saying and considering this as solved/rejected. However a JBPAPP jira should be created here, as from a enterprise point of view the product (JBoss EAP) can probably be improved on the behaviour partially described in this jira.

...

JBossWS does not reuse SSL sessions ----------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Assignee: Richard Opalka Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Richard Opalka (JIRA)

Tuesday, 25 January Tue, 25 Jan

10:32 a.m.

New subject: [JBoss JIRA] Commented: (JBWS-3202) JBossWS does not reuse SSL sessions

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Richard Opalka commented on JBWS-3202: -------------------------------------- Dear Erik, there's difference between community projects and commercial products. JBWS is about community and JBPAPP is about products. You just need to care about your support related issues. If it's not closed you can be sure someone's still working on it. I didn't create JBREM issue because JBoss Remoting is considered obsolete from community point of view. Its successor/mainline is JBoss Netty nowadays. However I discussed my conclusions with our support guys that are working on yours 'customer' issues. (Unfortunately I still don't have access to our support portal system, so I couldn't comment there directly). Our support guys will discuss mine conclusions with JBoss Remoting team (if not done yet).

...

JBossWS does not reuse SSL sessions ----------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Assignee: Richard Opalka Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

Richard Opalka (JIRA)

10:40 a.m.

New subject: [JBoss JIRA] Commented: (JBWS-3202) JBossWS does not reuse SSL sessions

[ https://issues.jboss.org/browse/JBWS-3202?page=com.atlassian.jira.plugin.... ] Richard Opalka commented on JBWS-3202: -------------------------------------- JBoss WS (series 3.1.2x and before) transport delegates to JBoss Remoting and remoting uses URL facade for SSL communications. In order to reuse created SSL connections we would need access to JBoss Remoting created URLConnection objects. Unfortunately because of JBoss Remoting API design we don't have access to URLConnection objects that are created internally and thus we cannot reuse SSL sessions. In Java SSL session is created (in HttpsUrlConnectionImpl) when user is calling conn.getOutputStream(). If there's cached SSL session/connection it's reused. But Remoting is always creating new URL connection on each invocation request. This causes SSL handshakes on every request :(

...

JBossWS does not reuse SSL sessions ----------------------------------- Key: JBWS-3202 URL: https://issues.jboss.org/browse/JBWS-3202 Project: JBoss Web Services Issue Type: Bug Security Level: Public(Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: JBoss Enterprise Application Platform 5.x JBossWS 3.1.2 Reporter: Mustafa Musaji Assignee: Richard Opalka Attachments: example.zip When creating a web service client and sending multiple requests over SSL to JBoss EAP the client doesn't reuse the already established connection and instead a SSL handshake takes place on every request. SSL session id is shown in ssl debug log but this is different on every request. Using Sun JAXWS libraries (remove endorsed libraries) you can see the SSL connection session id being reused on every subsequent request being made. JBossWS should reuse the already established connection and not do the expensive SSL handshake on every request.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira

4848

days inactive

4852

days old

jbossws-issues@lists.jboss.org

Manage subscription

8 comments

4 participants

tags (0)

participants (4)

Alessio Soldano (JIRA)
Mustafa Musaji (JIRA)
Richard Opalka (JIRA)
Sven-Erik Ceedigh (JIRA)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[JBoss JIRA] Created: (JBWS-3202) JBossWS does not reuse SSL connections