Feature #9459
closed
Net::HTTP initializes openssl library after TCP connection is established
Description
When making an HTTPS connection, the Net::HTTP#connect method makes the following calls:
- TCPSocket.new
- OpenSSL:SSL::SSLContext.new
- OpenSSL:SSL:SSLSocket.connect
Here is a link to the 2.1.0 version, though the basic sequence is the same in trunk and as far back as 1.8.7, possibly earlier.
The problem is that between step 1 and 3, the server must keep the TCP socket open while the SSL client calls OpenSSL:SSL::SSLContext.new. The first time this code path is taken, step 2 has the side effect of initializing the OpenSSL library. This can take a non-trivial amount of time, and is made worse when several clients start at the same time.
I would suggest that the order of operations be switched to:
- OpenSSL:SSL::SSLContext.new
- TCPSocket.new
- OpenSSL:SSL:SSLSocket.connect
I've attached a patch that shows this. It is based off of trunk.
Thank you
Files
Updated by nagachika (Tomoyuki Chikanaga) over 9 years ago
- Status changed from Open to Assigned
Updated by
Updated by jeremyevans0 (Jeremy Evans) almost 3 years ago
- Tracker changed from Bug to Feature
- ruby -v deleted (
ruby 1.8.7 (2012-02-08 patchlevel 358) [universal-darwin12.0]) - Backport deleted (
1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN)
This appears to still be an issue, though I think this is a feature request and not a bug. I've submitted the patch as a pull request to the net-http repository: https://github.com/ruby/net-http/pull/4
Updated by jeremyevans0 (Jeremy Evans) over 2 years ago
- Status changed from Assigned to Closed