Dear Jetty Users and supporters
We are using jetty in a project and run it in a OSGi Equinox runtime as the webserver for hosting JAX-RS components.
That all works fine on server, desktops, Cloud nodes, etc.
But in the project we need to run the some runtime on smaller devices like an Raspberry PI model 3.
Because of security requirements we must rely on HTTPS instead of HTTP. But when we change our configuration
from HTTP to HTTPS (using a 4096 byte key) the response times increases significantly from fast enough (t<<1sec)
to very slow (t >>5 sec).
The configuration we use for HTTP is:
-Dtruststore.path=${TRUSTSTORE_LOC}
-Dorg.eclipse.equinox.http.jetty.http.enabled=true
-Dorg.eclipse.equinox.http.jetty.https.enabled=false
-Dorg.eclipse.equinox.http.jetty.ssl.keystore=${KEYSTORE_LOC}/keystore.jks
-Dorg.eclipse.equinox.http.jetty.ssl.password=aquasi
-Dorg.eclipse.equinox.http.jetty.ssl.keypassword=somethin
-Dorg.eclipse.equinox.http.jetty.http.port=80
-Dorg.eclipse.equinox.http.jetty.https.port=443
-Dorg.eclipse.equinox.http.jetty.ssl.wantclientauth=false
-Dkeystore.path=${KEYSTORE_LOC}"
With the java start command where JETTY_PARAM has the above configuration
Java -Declipse.ignoreApp=true -Dosgi.noShutdown=true $JETTY_PARAM -Xms512m -Xmx800m -jar plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar -console 8021 -consoleLog
For https we use the following configuration:
-Dtruststore.path=${TRUSTSTORE_LOC}
-Dorg.eclipse.equinox.http.jetty.http.enabled=false
-Dorg.eclipse.equinox.http.jetty.https.enabled=true
-Dorg.eclipse.equinox.http.jetty.ssl.keystore=${KEYSTORE_LOC}/keystore.jks
-Dorg.eclipse.equinox.http.jetty.ssl.password=aquasi
-Dorg.eclipse.equinox.http.jetty.ssl.keypassword=something
-Dorg.eclipse.equinox.http.jetty.http.port=80
-Dorg.eclipse.equinox.http.jetty.https.port=443
-Dorg.eclipse.equinox.http.jetty.ssl.wantclientauth=false
-Dkeystore.path=${KEYSTORE_LOC}
We just changed the values of http.enabled and https.enabled from true to false and vice versa,
Any idea what can be the reason for the really slow response time using HTTPS?
Any idea and hint is welcome!
Thanks
Harald