Strange freeze in JSSE

R

Rick Genter

I am using JSSE to create SSL sockets. My application just experienced
a freeze on the following fragment of code:

if (debugLevel >= 4)
logMessageln(logHeader() + "_createSSLContext: building
SSLContext");
SSLContext sslContext =
SSLContext.getInstance(gP().getKeyStoreProtocol());
sslContext.init(keyManagers, trustManagers, null);
if (debugLevel >= 4)
logMessageln(logHeader() + "_createSSLContext: SSLContext built");

gP() simply returns a global properties object, and the
getKeyStoreProtocol() method of that object simply returns a String
with the protocol to use (which is "JKS" in this instance).
keyManagers and trustManagers are KeyManager[] and TrustManager[]
arrays returned by KeyManagerFactory.getKeyManagers() and
TrustManagerFactory.getTrustManagers() respectively.

I saw the first message (building SSLContext), but not the second
(SSLContext built). The system sat quiescent for over half an hour
before I realized that it had hung (the timestamp on the first message
was at 12:00, and I noticed that it had hung at 12:32).

Does anyone have any suggestions on how I can track down why this
would hang? Note that this code is in a loop that creates an
SSLContext every 30 seconds or so and had been running fine for two
days before encountering this freeze.

Thanks in advance.

Rick
 
E

EJP

First comment is that you shouldn't be creating SSLContexts repeatedly.
One will do for the entire run of the program, unless you constantly
want to be changing *implementations*, which is hard to imagine.
SSLContexts are used to create SSLSockets and SSLSessions, and you
should expire the *sessions* fairly regularly according to your security
requirements, so that new handshakes are executed. How often you do this
is up to you, depending on how much handshake overhead you can tolerate,
but it's hard to see a reason to expire sessions more frequently than
every 5 minutes, and an hour or so is quite common.

As to why it's hanging, is it really hanging or still computing?

EJP
 
R

Rick Genter

Hanging - unless it sometimes takes a fraction of a second to compute, and
other times will take > 30 minutes to compute (which is effectively a hang).

However, I take note of your comment about not re-creating SSL contexts, and
will modify the application accordingly. I feel that the underlying cause of
the freeze, however, is something else, perhaps not even related to SSL.

Thanks for your input.

Rick

EJP said:
First comment is that you shouldn't be creating SSLContexts repeatedly.
One will do for the entire run of the program, unless you constantly
want to be changing *implementations*, which is hard to imagine.
SSLContexts are used to create SSLSockets and SSLSessions, and you
should expire the *sessions* fairly regularly according to your security
requirements, so that new handshakes are executed. How often you do this
is up to you, depending on how much handshake overhead you can tolerate,
but it's hard to see a reason to expire sessions more frequently than
every 5 minutes, and an hour or so is quite common.

As to why it's hanging, is it really hanging or still computing?

EJP

Rick said:
I am using JSSE to create SSL sockets. My application just experienced
a freeze on the following fragment of code:

if (debugLevel >= 4)
logMessageln(logHeader() + "_createSSLContext: building
SSLContext");
SSLContext sslContext =
SSLContext.getInstance(gP().getKeyStoreProtocol());
sslContext.init(keyManagers, trustManagers, null);
if (debugLevel >= 4)
logMessageln(logHeader() + "_createSSLContext: SSLContext built");

gP() simply returns a global properties object, and the
getKeyStoreProtocol() method of that object simply returns a String
with the protocol to use (which is "JKS" in this instance).
keyManagers and trustManagers are KeyManager[] and TrustManager[]
arrays returned by KeyManagerFactory.getKeyManagers() and
TrustManagerFactory.getTrustManagers() respectively.

I saw the first message (building SSLContext), but not the second
(SSLContext built). The system sat quiescent for over half an hour
before I realized that it had hung (the timestamp on the first message
was at 12:00, and I noticed that it had hung at 12:32).

Does anyone have any suggestions on how I can track down why this
would hang? Note that this code is in a loop that creates an
SSLContext every 30 seconds or so and had been running fine for two
days before encountering this freeze.

Thanks in advance.

Rick
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

HTTPS with JSSE --- Use SSLSocketFactory or not 0
ssl createSocket slow on tomcat 2
Dual Entity in J2EE 0
In the Matter of Herb Schildt: a Detailed Analysis of "C: TheComplete Nonsense" 109
Visual Studio Closes Unexpectedly 3
News to Hackers? 17
Join July Global Python meetings via VOIP - Free SW HW Culture Mtgs -BerkeleyTIP 0
Old Paranoia Game in Python 15

Members online

Total: 32 (members: 1, guests: 31)
Robots: 262

Forum statistics

Threads
473,755
Messages
2,569,534
Members
45,007
Latest member
obedient dusk

Latest Threads

Top