Bug #9459

Net::HTTP initializes openssl library after TCP connection is established

Added by Josh C almost 2 years ago. Updated almost 2 years ago.

Assignee:Yui NARUSE
ruby -v:ruby 1.8.7 (2012-02-08 patchlevel 358) [universal-darwin12.0] Backport:1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN


When making an HTTPS connection, the Net::HTTP#connect method makes the following calls:

  1. TCPSocket.new
  2. OpenSSL:SSL::SSLContext.new
  3. OpenSSL:SSL:SSLSocket.connect

Here is a link to the 2.1.0 version, though the basic sequence is the same in trunk and as far back as 1.8.7, possibly earlier.

The problem is that between step 1 and 3, the server must keep the TCP socket open while the SSL client calls OpenSSL:SSL::SSLContext.new. The first time this code path is taken, step 2 has the side effect of initializing the OpenSSL library. This can take a non-trivial amount of time, and is made worse when several clients start at the same time.

I would suggest that the order of operations be switched to:

  1. OpenSSL:SSL::SSLContext.new
  2. TCPSocket.new
  3. OpenSSL:SSL:SSLSocket.connect

I've attached a patch that shows this. It is based off of trunk.

Thank you

net_http_connect.patch Magnifier (742 Bytes) Josh C, 01/29/2014 05:50 AM


#1 Updated by Tomoyuki Chikanaga almost 2 years ago

  • Status changed from Open to Assigned

Also available in: Atom PDF