在TOMCAT5.5上SSL的APR实现和SSL的JSSE实现有什么区别 [英] What is the difference between APR implementation of SSL and JSSE implementation of SSL on TOMCAT5.5

问题描述

我正在配置 SSL 以支持 TOMCAT 5.5 上的 HTTPS，所以我参考了 http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html，详细阐述了如何实现SSL.

I'm configuring SSL to support HTTPS on TOMCAT 5.5, so I referred to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, which elaborates on how to implement SSL.

本文档介绍了两种 SSL 实现方式，即 APR 实现和 JSSE 实现.我想知道它们之间有什么区别，包括它们的缺点和优点.

This document describes two ways to implement SSL, namely the APR implementation and the JSSE implementation. I wonder what the difference between them is, including their shortcomings and advantages.

推荐答案

区别在于 JDK 使用的是自己的 SSL 实现，而 APR 使用的是计算机上安装的东西，即大多数情况下的 OpenSSL.

The difference is that the JDK is using it's own SSL implementation, while the APR it's using what's installed on the computer, i.e. OpenSSL in most cases.

如果你的 https 流量低到中等，Java 解决方案就好了，但是对于非常重的负载(例如当大多数页面在 https 上运行时)，OpenSSL 原生解决方案要好得多，并且可以重新编译和优化，因此它将运行得更快并消耗更少的资源.然而，APR+OpenSSL 的主要缺点是它需要更多的配置和调整 + 测试，Java 版本开箱即用.

If you have low to medium traffic for https, the Java solution is just fine, but for very heavy loading (e.g. when most pages run on https), the OpenSSL native solution is much better, and it can be recompiled and optimized, so it will run even faster and consume less resources. The main disadvantage of APR+OpenSSL however is that it requires more configuration and tuning + testing, the Java version working simply out-of-the box.

我通常做的是，始终使用默认的 Java SSL 解决方案和监控工具，如果流量变大，然后才花精力调整 APR 解决方案.

What I usually do, is to always use the default Java SSL solution together with monitoring tools, and if the traffic turns heavy, then, and only then spend the effort to tune the APR solution.

这篇关于在TOMCAT5.5上SSL的APR实现和SSL的JSSE实现有什么区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！