I have worked with NIO quite a bit in the past. It has a high activation energy but once you’re over that initial hump, it’s pretty smooth sailing. I find it difficult not to write non-blocking IO these days.
I recently wrapped up a client / server prototype and I am just beginning to get it ready for a “real world” test. The first thing that I thought of was SSL. So like all good programmers, I brought up Google and typed “NIO SSL”. Much to my chagrin I find that it is not possible to combine NIO,
Selectors and SSL. My first thought was “This must be from the initial 1.4 release. There’s no way that in three years Sun would let NIO rot without SSL.”, so I continued my search.
To make a painful story short, there is no information regarding SSL ever being a possibility with NIO in 1.4. 1.5 will introduce an
SSLEngine to solve the problem, but again, nothing is said if this will be made available for 1.4 users.
For those in the same boat as I am, there are solutions for using
Selectors with SSL such as wrapping a standard stream with a
Pipe. The problem with any wrapped solution is that the connection (which is done with a standard socket) is blocking. Non-blocking connections are one quarter of the problem that you’re typically trying to solve with NIO (the other three being read, write and accept).
I’ll spare you the Sun rant but let’s just say that I’m less that impressed with their decisions to not provide SSL with NIO and to, for all intents and purposes, cover it up. When you read the 1.4 datasheet about NIO and then about JSSE, you get the impression that all is just sunshine, rainbows and lollipops. How can one think that it’s acceptible to provide developers with the ability to “write ultra-scalable, high-performance server applications” without parity with existing sockets? And then, in 3 years, not make up for the discrepancy?
If you’re into conspiracy theories, what do you think about the missing RFE for SSL + NIO? My tin foil hat has been firmly placed on my head!
I’ve been doing a lot of poking around to see if there are freeware implementations of JSSE that support NIO. There aren’t. I did find this interesting link. Given all of my ramblings about features vs. quality, if Sun didn’t ship SSL with NIO due to quality risks then I can buy that. If Sun hasn’t shipped an updated JSSE for NIO due to pervasive changes required then I can buy that too. The length of time between releases is just hard to swallow.
As you may be able to tell, I have moved onto phase three of the Kubler-Ross 5 stages of grief. The initial entry was written while firmly in phase two. I fully expect to be at phase five by mid-day tomorrow and I will begin to find an acceptable solution to my current problems.
- Momentary elation:
- Your Java security IQ
- Debugging JSSE
- Don’t forget to set the cipher suite!
- The angers of not having a common interface
- More NIO depression
OutputStreamNIO wrapper to faciliate Java 1.4 SSL
- NIO and Converted IO performance results
- More NIO and IO performance results
- SSL performance results
- More clients performance results