Project

General

Profile

Feature #9459

Net::HTTP initializes openssl library after TCP connection is established

Added by joshc (Josh C) almost 7 years ago. Updated 29 days ago.

Status:
Assigned
Priority:
Normal
Target version:
-
[ruby-core:60202]
Tags:

Description

When making an HTTPS connection, the Net::HTTP#connect method makes the following calls:

  1. TCPSocket.new
  2. OpenSSL:SSL::SSLContext.new
  3. OpenSSL:SSL:SSLSocket.connect

Here is a link to the 2.1.0 version, though the basic sequence is the same in trunk and as far back as 1.8.7, possibly earlier.

The problem is that between step 1 and 3, the server must keep the TCP socket open while the SSL client calls OpenSSL:SSL::SSLContext.new. The first time this code path is taken, step 2 has the side effect of initializing the OpenSSL library. This can take a non-trivial amount of time, and is made worse when several clients start at the same time.

I would suggest that the order of operations be switched to:

  1. OpenSSL:SSL::SSLContext.new
  2. TCPSocket.new
  3. OpenSSL:SSL:SSLSocket.connect

I've attached a patch that shows this. It is based off of trunk.

Thank you


Files

net_http_connect.patch (742 Bytes) net_http_connect.patch joshc (Josh C), 01/29/2014 05:50 AM

Updated by nagachika (Tomoyuki Chikanaga) over 6 years ago

  • Status changed from Open to Assigned
#2

Updated by naruse (Yui NARUSE) almost 3 years ago

  • Target version deleted (2.2.0)

Updated by jeremyevans0 (Jeremy Evans) 29 days ago

  • Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN)
  • ruby -v deleted (ruby 1.8.7 (2012-02-08 patchlevel 358) [universal-darwin12.0])
  • Tracker changed from Bug to Feature

This appears to still be an issue, though I think this is a feature request and not a bug. I've submitted the patch as a pull request to the net-http repository: https://github.com/ruby/net-http/pull/4

Also available in: Atom PDF