Openssl and tls 1.2
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Aug 14 04:13:22 UTC 2019
Java's TLS library is not OpenSSL. This is not the right list
for help with TLS in JDK8. Speculatively, the timeout might be
related to IPv6 being enabled on the board with JDK8 and Linux 4.x.
Perhaps you're trying the IPv6 address, timing out, and then failing
over to IPv4. Or some middle-box is choking on larger client hellos.
You'll need to analyze a packet capture.
> On Aug 14, 2019, at 1:29 PM, Somshekar C Kadam <somkadam76 at gmail.com> wrote:
>
> Hi ,
> we are running java 1.6 (older build) and java 1.8(newer build) on the same arm target board with different builds.
> On 1.6 java we have Linux Kernel 2.6.35 and with Java 1.8 Linux kernel 4.x. version. so 2 environments and 2 use cases newer and older build.
> while we access https website link https://transparencyreport.google.com/https/overview?hl=en
>
> we see it takes less than 2 seconds using java 1.6. (older build)
> we see it takes 10 seconds using java 1.8 (newer build)
>
> On Java 1.8 did try disabling GCM ciphers and trying still we get the same 10 seconds delay.
>
> Attaching log of tls handshake for both. Not sure its to do with tls, may be java is causing the delay.
>
> I am not sure, please provide any pointers or feedback to rootcause it that will help to understand why we get 10seconds delay.
>
> One more info if just use curl on on newer build setup, it works fine within 2 seconds to access the https link.
Curl may well be using OpenSSL, but that's not where you're seeing
a problem, so the help you'll get on this list is rather limited.
Try wireshark or similar.
--
Viktor.
More information about the openssl-users
mailing list