Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-2206

SSL handshake problems are hard to diagnose

    Details

    • Type: Improvement
    • Status: Dev backlog
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.6.2
    • Fix Version/s: None
    • Component/s: core server
    • Labels:
      None
    • Environment:
      SPARC T-4 with hardware crypto
    • Support Ticket IDs:

      Description

      The customer reported issue was that some LDAPS connections seemed to take a few seconds to establish, and apparently the entire DJ server was unresponsive during this time.

      It was too difficult to capture a jstack due to the problem being infrequent. Enabling SSL debugging would have resulted in too much logging on a production system.

      Some kind of additional debug logging would have been helpful, though it isn't clear what. Perhaps logging the SSL handshake states?

      The issue was resolved by disabling Java's use of the crypto hardware. This is similar to OPENDJ-68, but the symptoms seem different.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                matthew Matthew Swift
                Reporter:
                cjr Chris Ridd
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: