I am connecting the CORBA server running on Solaris machine from a Window client with SSL on both sides. Here is the JacORB SSL properties using on both client and server. jacorb.security.support_ssl=on jacorb.security.ssl.client.supported_options=60 jacorb.security.ssl.client.required_options=60 jacorb.security.ssl.server.supported_options=60 jacorb.security.ssl.server.required_options=60 jacorb.security.keystore=D://keystore//AdcomLite_test.jks jacorb.security.keystore_password=test jacorb.security.jsse.trustees_from_ks=on The degradation of performance with SSL is visible when first time a CORBA client connecting to the CORBA server. For example: client connecting the NameService. Here is the sample code snippet. org.omg.CORBA.Object locRootObj locRootObj = getORB ().resolve_initial_references("NameService"); NamingContextExt locRoot = NamingContextExtHelper.narrow(locRootObj) The NamingContextExtHelper.narrow method will connect to the NameService and get the root NameContext object. This is a first call to the NameService. This call is taking 4.9 sec. The same call next time onwards is taking only 0.02 sec. When first time a CORBA call request is made the underlying JacORB will create the a client socket with corresponding CORBA server and write the call request message to the socket stream and flush the socket stream. Nameservice resolved in : 05/01/2007-15:05:49:171-1167989749171 resolve_initial_references in : 05/01/2007-15:05:49:171-1167989749171 NamingContextExtHelper narrow in : 05/01/2007-15:05:49:234-1167989749234 GIOP connection flush : 05/01/2007-15:05:49:328-1167989749328 [JacORB: org.jacorb.orb.giop.GIOPConnection.sendMessage] StreamConnectionBase : 05/01/2007-15:05:49:328-1167989749328 [JacORB: org.jacorb.orb.etf.StreamConnectionBase.flush]StreamConnectionBase : 05/01/2007-15:05:54:203-1167989754203 [JacORB: org.jacorb.orb.etf.StreamConnectionBase.flush] GIOP connection flush out : 05/01/2007-15:05:54:203-1167989754203 [JacORB: org.jacorb.orb.giop.GIOPConnection.sendMessage] NamingContextExtHelper.narrow out : 05/01/2007-15:05:54:203-1167989754203 Nameservice resolved out : 05/01/2007-15:05:54:203-1167989754203 The socket stream flush operation for the fist time is taking 4.9 sec. This problem is observed only with SSL. Without SSL everything is working fine. Is this is expected behaviour with SSL? If not please help to fine tune the SSL.
This is absolutely normal behavior, and it is of course not a "critical" bug in JacORB. During first operation the TCP/IP connection is established and SSL handshake is performed, and yes this handshake may take several seconds. The time needed for SSL handshake depends on your used certificates and CA chains and the handshake options used. You have choosen 60 in xxx_required_options, this means server and client will have to exchange and validate their certificates mutually, so the handshake will take longer. Please, close this bug report. I've spoken to Reinhard Kuhn about this, please contact him and we will discuss this matter internally ;o) Regards Marc
Since the problem described is the expected behaviour, I am closing the bug.
The reason why SSL connection is slow from Window client to Solaris server. Please see the below link. http://www.velocityreviews.com/forums/t147274-very-slow-ssl-connection-from- win-to-linux.html When SSL is used the server ipaddress should be available with DNS service otherwise DNS lookup during the SSL handshake causes a long timeout. Windows DNS service will load IPAddresses from the %SystemRoot%\drivers\etc\hosts file. So the SSL server ipaddress should updated in the %SystemRoot% \drivers\etc\hosts file. Now with SSL mutual authentication is taking only 0.3 sec with below JacORB SSL setting as against earlier 4.9 sec. > jacorb.security.ssl.client.supported_options=60 > jacorb.security.ssl.client.required_options=60 > jacorb.security.ssl.server.supported_options=60 > jacorb.security.ssl.server.required_options=60