Search code examples
javaspringperformancesslrmi

Java RMI with SSL - performance / frequency of SSL handshakes

I am setting up a solution to connect 2 java applications using RMI. They both use Spring. Currently the 2 components, which will be later on put to different servers and communicating together remotely, are in THE SAME application (JVM), but one part has to be extracted, put to another server and communicate with the original application remotely. There are 3 main requirements:

1) We want to have the communication a fast as possible
2) We want to be able to do the remote communication with minimum extra coding (such as adding additional layer to transform request to XML/JSON and communicate via webservices)
3) We need to have the communication secured by SSL (on both sides)

RMI seems to be ideal solution to comply with all 3 requirements. It should be pretty fast (according to http://daniel.gredler.net/2008/01/07/java-remoting-protocol-benchmarks/), pretty easy to set up (especially in Spring) and possible to configure to use SSL as well (by using SslRMIServerSocketFactory / SslRMIServerClientFactory in Spring RmiServiceExporter). The "tight coupling" is not an issue for as in this case, because the two components are really just internal, with minimal chance of future reuse.

However, we have some doubts about the performance overhead when using RMI with SSL (original above mentioned benchmark tested the communication WITHOUT SSL). I was not able to find anywhere, HOW THE RMI with SSL actually works, namely if it has to perform full SSL handshake for every remote method call. If it does, there would be probably quite big performance overhead and the solution might not comply with requirement 1.

Question is - is Java RMI with SSL doing a full SSL handshake on every method call by default?
And if yes, are there any ways to optimize the communication not to do it (something like SSL session reuse...)?
Or maybe we can use even completely another solution to achieve optimal speed over SSL with minimal extra coding (I have Spring HttpInvoker in mind, it should be almost as fast as RMI - in the default configuration withou SSL - according to the benchmark)?

Anyone having experience with this or being able to find a link to some docs explaining the exact behavior / possible SSL optimization configuration?

Solution

  • is - is Java RMI with SSL doing a full SSL handshake on every method call by default?

    No.

    • There is connection pooling at the client, which allows connections to be reused
    • by default there is only one handshake per connection
    • new connections can resume existing SSL sessions via an abbreviated SSL handshake.

    I refer to the Sun/Oracle implementation of RMI.