如何禁用Java的SSL反向DNS查找 [英] How to disable Java's SSL Reverse DNS Lookup
问题描述
此服务器使用Java的TLS实现与
SSLEngine
。 我们看到,起初,每一个新的连接时间延迟很长(30-40秒)。我们将其缩小,以反转DNS查找超时。我们通过将所有的IP放在 HOSTS
文件中来解决。
现在,问题是我们要去逐渐扩大我们的用户群,我不想编辑 HOSTS
文件,特别是因为我们不能保证他们将拥有静态IP。 p>
有没有办法禁用Java的SSL / TLS中的反向DNS查找步骤?
我想这是一个可配置的参数,所以我们可以在开发过程中关闭它。
尝试仅通过IP地址创建SSL套接字连接。这导致了反向DNS查找尝试,因此它真的很慢...
对我来说,解决方案只是传递一个虚空的空字符串作为主机名,当创建SSL连接的InetAddress。也就是说,我更改了
InetAddress.getByAddress(addrBytes)
to
InetAddress.getByAddress(,addrBytes)
,它不再反向DNS查找。
I have a server in development and a few developers connecting to it.
This server uses Java's TLS implementation with SSLEngine
.
We saw that, at first, every new connection would have a long delay (30-40 seconds). We narrowed it down to reverse DNS lookups timing out. We solved that by putting all our IPs in the HOSTS
file.
Now, the problem is that we are going to widen progressively our user base and I don't want to edit the HOSTS
file, especially since we can't guarantee that they're going to have static IPs.
Is there any way to disable the reverse DNS lookup step in Java's SSL/TLS?
I'd like to have this as a configurable parameter, so that we can turn it off during development.
I faced this same problem today when I tried to create a SSL socket connection by IP address only. That resulted in reverse DNS lookup attempt, and therefore it was really slow...
To me the solution was simply to pass a dummy empty string as the host name, when creating the InetAddress for the SSL connection. That is, I changed
InetAddress.getByAddress(addrBytes)
to
InetAddress.getByAddress("", addrBytes)
and it no longer does the reverse DNS lookup.
这篇关于如何禁用Java的SSL反向DNS查找的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!