[jetty-users] HTTPS on Raspberry very slow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] HTTPS on Raspberry very slow

From: "Harald Kornmayer" <harald@xxxxxxxxxxxx>
Date: Fri, 24 Nov 2017 18:40:08 +0100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
Thread-index: AdNlSv7A4vxACpAeTxiZcqClPOHN4w==

Dear Jetty Users and supporters

We are using jetty in a project and run it in a OSGi Equinox runtime as the webserver for hosting JAX-RS components.
That all works fine on server, desktops, Cloud nodes, etc.

But in the project we need to run the some runtime on smaller devices like an Raspberry PI model 3.
Because of security requirements we must rely on HTTPS instead of HTTP. But when we change our configuration
from HTTP to HTTPS (using a 4096 byte key) the response times increases significantly from fast enough (t<<1sec)
to very slow (t >>5 sec).

The configuration we use for HTTP is:

-Dtruststore.path=${TRUSTSTORE_LOC}
-Dorg.eclipse.equinox.http.jetty.http.enabled=true
-Dorg.eclipse.equinox.http.jetty.https.enabled=false
-Dorg.eclipse.equinox.http.jetty.ssl.keystore=${KEYSTORE_LOC}/keystore.jks
-Dorg.eclipse.equinox.http.jetty.ssl.password=aquasi
-Dorg.eclipse.equinox.http.jetty.ssl.keypassword=somethin
-Dorg.eclipse.equinox.http.jetty.http.port=80
-Dorg.eclipse.equinox.http.jetty.https.port=443
-Dorg.eclipse.equinox.http.jetty.ssl.wantclientauth=false
-Dkeystore.path=${KEYSTORE_LOC}"

With the java start command where JETTY_PARAM has the above configuration

Java -Declipse.ignoreApp=true -Dosgi.noShutdown=true $JETTY_PARAM -Xms512m -Xmx800m -jar plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar -console 8021 -consoleLog

For https we use the following configuration:

-Dtruststore.path=${TRUSTSTORE_LOC}
-Dorg.eclipse.equinox.http.jetty.http.enabled=false
-Dorg.eclipse.equinox.http.jetty.https.enabled=true
-Dorg.eclipse.equinox.http.jetty.ssl.keystore=${KEYSTORE_LOC}/keystore.jks
-Dorg.eclipse.equinox.http.jetty.ssl.password=aquasi
-Dorg.eclipse.equinox.http.jetty.ssl.keypassword=something
-Dorg.eclipse.equinox.http.jetty.http.port=80
-Dorg.eclipse.equinox.http.jetty.https.port=443
-Dorg.eclipse.equinox.http.jetty.ssl.wantclientauth=false
-Dkeystore.path=${KEYSTORE_LOC}

We just changed the values of http.enabled and https.enabled from true to false and vice versa,

Any idea what can be the reason for the really slow response time using HTTPS?

Any idea and hint is welcome!

Thanks

Harald

Follow-Ups:
- Re: [jetty-users] HTTPS on Raspberry very slow
  - From: Simone Bordet

Prev by Date: Re: [jetty-users] Fwd: Re: Forwarding virtual host requests to another server
Next by Date: Re: [jetty-users] HTTPS on Raspberry very slow
Previous by thread: [jetty-users] Use PKCS12 keystore with Jetty
Next by thread: Re: [jetty-users] HTTPS on Raspberry very slow
Index(es):
- Date
- Thread

Breadcrumbs