[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-security-dev
Subject: Code Review Request JDK-8129988 JSSE should create a single instance of the cacerts KeyStore
From: Xuelei Fan <xuelei.fan () oracle ! com>
Date: 2016-11-27 0:46:36
Message-ID: a2f44f85-9c9b-be79-f27d-c1012fc1fa05 () oracle ! com
[Download RAW message or body]
Hi,
Please review the performance enhancement update:
http://cr.openjdk.java.net/~xuelei/8129988/webrev.00/
In SunJSSE provider, there are two ways to use the default trust store
(lib/security/cacerts), using the default SSLContext instance or using
the default trust manager.
The default SSLContext holds a strong reference to a collection of
trusted certificates in cacerts in static mode. The default trust
manager reads the cacerts file and creates a KeyStore and parses the
certificates each time.
With the growth of cacerts, the loading and cache of trusted certificate
is not performance friendly.
In this fix, I'm trying to find a balance between CPU and memory: reuse
the loaded trusted certificates if possible and release the unused
trusted certificates if necessary.
Thanks,
Xuelei
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic