Java Server,TLSv1.1快,TLSv1.2极慢(90MByte / sec对4MByte / sec) [英] Java Server, TLSv1.1 fast, TLSv1.2 extremely slow (90MByte/sec versus 4MByte/sec)
问题描述
测试之间的唯一变化是更改TLS版本。 Chrome和FireFox之间的行为相同。
The only change between tests is changing the TLS version. Behavior is the same between Chrome and FireFox.
TLSv1和TLSv1.1均达到90兆字节/秒。他们在Java 6(TLSv1)和Java 8(TLSv1 / TLSv1.1)上获得了这个速度。
TLSv1, and TLSv1.1 both get 90 MegaByte/sec. They get this speed on Java 6 (TLSv1), and Java 8 (TLSv1/TLSv1.1).
TLSv1.2然而却大大降低了速度。我们得到4兆字节/秒。没有更改密码,没有其他设置等。不仅我们的开发机器,但客户报告了同样的事情,Windows操作系统,Java 8,TLSv1.2。我们使用的是OS X,Java 8,TLSv1.2。所以这似乎是大势所趋。测试正在localhost,Xeon 6核心处理器,SSD驱动器上完成。如果我们不使用HTTPS,我们的速度超过200MB /秒。所以4MB /秒对我们能做的事情只是一种可怕的侮辱。
TLSv1.2 however drastically drops the speed. We get 4 MegaByte/sec. No ciphers were changed, no other settings, etc. Not only our dev machine, but customers have reported the same thing, Windows OS, Java 8, TLSv1.2. We are using OS X, Java 8, TLSv1.2. So it seems to be a general trend. The tests are being done on localhost, Xeon 6 core processor, SSD drive. If we don't use HTTPS we get over 200MB/sec. So 4MB/sec is just a terrible insult to what we can do.
这不是初始连接,缓存或重新协商等等。这只是原始运输速度。我没有找到任何已知的java错误,有没有人有任何猜测?
This isn't the initial connection, or cache, or renegotiation, etc. This is just the raw transport speed. I didn't find any known java bugs on this, does anyone have any guesses?
这是Chrome报告的连接和密码:
This is what Chrome reports for the connection and cipher:
您与127.0.0.1的连接是使用现代加密技术加密的。
Your connection to 127.0.0.1 is encrypted with modern cryptography.
连接使用TLS 1.2。
The connection uses TLS 1.2.
您与127.0.0.1的连接是使用过时的加密技术加密的。
Your connection to 127.0.0.1 is encrypted with obsolete cryptography.
连接使用TLS 1.1。
The connection uses TLS 1.1.
想法?
推荐答案
讨厌回答我自己的问题,但我刚认识到允许TLS v1.2对于较新的密码。它的密码导致Java 8使用软件来处理加密方面,而不是使用硬件加速,并导致可怕的速度。
Hate answering my own question, but I just realized TLS v1.2 allowed for a newer cipher. Its the cipher that causes Java 8 to use software for handling the encryption aspect instead of using hardware acceleration, and resulting in the horrible speeds.
禁用所有GCM密码服务器的速度与使用CBC密码的Chrome相同。
Disabling all the GCM ciphers on the server resulted in the same speeds as chrome used a CBC cipher.
- Ben
这篇关于Java Server,TLSv1.1快,TLSv1.2极慢(90MByte / sec对4MByte / sec)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
