I'm looking for an alternative to the JSSE for performing client-side SSL, and speed is extremely important. Specifically, I have a server program that must do https requests to other servers for transaction processing.
Is the ssl library here appropriate for this? Is it faster than stock the stock JDK? If not, can you recommend an implementation that may make sense? Has any benchmarking been done yet?
Thanks,
Nick
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry about the huge delay in response. I have not been monitoring the forum. It may be best to send me mail directly at harmeet@kodemsue.com. I will also monitor this forum better.
Nick Temple
> Im looking for an alternative to the JSSE for performing client-side
> SSL, and speed is extremely important. Specifically, I have a server
> program that must do https requests to other servers for transaction
> processing.
>
> Is the ssl library here appropriate for this?
ssllib is embedded in at least one commercial product for this
purpose. It works well for non mutual authenticated case. However
client to server mutual authentication has bugs. I did not reach
closure on mutual authenticated bugs because none of the users needed
it. If you have a need for mutual authentication I will address it.
Nick Temple
> Is it faster than stock the stock JDK? If not, can you recommend an
> implementation that may make sense?
Yes, that was the entire purpose. It turned out to be more work than I
initially thought but JDK was slow and buggy(even 1.4) and I have had
painful experience with commercial java toolkits including those from
RSA.
I have a lot of respect for puretls - Eric
Rescorla's Java SSL Library, but I prefer not to use Crytix(crypto
engine under puretls)
Nick Temple
> Has any benchmarking been done yet?
No, but there is noticeable difference even from user perspective so
didn't want to spend cycles on it. Could do but would rather do
- NBIO with ssllib
- close mutual authentication issues.
- port to other languages.
- integrate with other opensource projects.
Harmeet
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi -
I'm looking for an alternative to the JSSE for performing client-side SSL, and speed is extremely important. Specifically, I have a server program that must do https requests to other servers for transaction processing.
Is the ssl library here appropriate for this? Is it faster than stock the stock JDK? If not, can you recommend an implementation that may make sense? Has any benchmarking been done yet?
Thanks,
Nick
Hey Nick,
Sorry about the huge delay in response. I have not been monitoring the forum. It may be best to send me mail directly at harmeet@kodemsue.com. I will also monitor this forum better.
Nick Temple
> Im looking for an alternative to the JSSE for performing client-side
> SSL, and speed is extremely important. Specifically, I have a server
> program that must do https requests to other servers for transaction
> processing.
>
> Is the ssl library here appropriate for this?
ssllib is embedded in at least one commercial product for this
purpose. It works well for non mutual authenticated case. However
client to server mutual authentication has bugs. I did not reach
closure on mutual authenticated bugs because none of the users needed
it. If you have a need for mutual authentication I will address it.
Nick Temple
> Is it faster than stock the stock JDK? If not, can you recommend an
> implementation that may make sense?
Yes, that was the entire purpose. It turned out to be more work than I
initially thought but JDK was slow and buggy(even 1.4) and I have had
painful experience with commercial java toolkits including those from
RSA.
I have a lot of respect for puretls - Eric
Rescorla's Java SSL Library, but I prefer not to use Crytix(crypto
engine under puretls)
Nick Temple
> Has any benchmarking been done yet?
No, but there is noticeable difference even from user perspective so
didn't want to spend cycles on it. Could do but would rather do
- NBIO with ssllib
- close mutual authentication issues.
- port to other languages.
- integrate with other opensource projects.
Harmeet