helidon icon indicating copy to clipboard operation
helidon copied to clipboard

Published 20 hours ago verified publisher icon helidon-io

Significant time spent in `getPeerCertificates` for HTTPS server

Open yawkat opened this issue 6 months ago • 0 comments

Environment Details

  • Helidon Version: 4.0.2
  • Helidon SE
  • JDK version: 21 from oracle linux
  • OS: Oracle-Linux-9.2-2023.12.08-0

Problem Description

During benchmarking I discovered that helidon spends significant time (~6%) constructing SSLPeerUnverifiedExceptions even in a simple HTTPS server that does not actually care about the client certificates. This is the line: https://github.com/helidon-io/helidon/blob/b3e07094827fb6866f637c857b09790a3aa4124e/webserver/webserver/src/main/java/io/helidon/webserver/http1/Http1Connection.java#L156

This is the relevant stack in the flame graph: image

I can provide the full flame graph if necessary (can't upload it here, ping me at oracle internally), but the problem seems pretty obvious.

Steps to reproduce

App code is here: https://github.com/yawkat/micronaut-http-benchmarks/tree/923392cd416238868c01eea90f6849d6ca841881/test-case-helidon-nima

It's a straight forward HTTPS (HTTP1) REST server. I hit it with a hyperfoil load and run profiling with async-profiler.

yawkat avatar Jan 29 '24 11:01 yawkat