NIO and SSL

I have worked with NIO quite a bit in the past. It has a high activation energy but once you’re over that initial hump, it’s pretty smooth sailing. I find it difficult not to write non-blocking IO these days.

I recently wrapped up a client / server prototype and I am just beginning to get it ready for a “real world” test. The first thing that I thought of was SSL. So like all good programmers, I brought up Google and typed “NIO SSL”. Much to my chagrin I find that it is not possible to combine NIO, Selectors and SSL. My first thought was “This must be from the initial 1.4 release. There’s no way that in three years Sun would let NIO rot without SSL.”, so I continued my search.

To make a painful story short, there is no information regarding SSL ever being a possibility with NIO in 1.4. 1.5 will introduce an SSLEngine to solve the problem, but again, nothing is said if this will be made available for 1.4 users.

For those in the same boat as I am, there are solutions for using Selectors with SSL such as wrapping a standard stream with a Pipe. The problem with any wrapped solution is that the connection (which is done with a standard socket) is blocking. Non-blocking connections are one quarter of the problem that you’re typically trying to solve with NIO (the other three being read, write and accept).

I’ll spare you the Sun rant but let’s just say that I’m less that impressed with their decisions to not provide SSL with NIO and to, for all intents and purposes, cover it up. When you read the 1.4 datasheet about NIO and then about JSSE, you get the impression that all is just sunshine, rainbows and lollipops. How can one think that it’s acceptible to provide developers with the ability to “write ultra-scalable, high-performance server applications” without parity with existing sockets? And then, in 3 years, not make up for the discrepancy?

If you’re into conspiracy theories, what do you think about the missing RFE for SSL + NIO? My tin foil hat has been firmly placed on my head!

Follow up:

I’ve been doing a lot of poking around to see if there are freeware implementations of JSSE that support NIO. There aren’t. I did find this interesting link. Given all of my ramblings about features vs. quality, if Sun didn’t ship SSL with NIO due to quality risks then I can buy that. If Sun hasn’t shipped an updated JSSE for NIO due to pervasive changes required then I can buy that too. The length of time between releases is just hard to swallow.

As you may be able to tell, I have moved onto phase three of the Kubler-Ross 5 stages of grief. The initial entry was written while firmly in phase two. I fully expect to be at phase five by mid-day tomorrow and I will begin to find an acceptable solution to my current problems.

Related Entries

Advertisements

10 comments

  1. Very good article. It’s these kinds of articles that display an up-to-date knowlegeability. A real research time saver. (And ass saver I might add)
    -Mark

  2. Thank you Mark. If there is any missing information or clarifications I would make please let me know and I will make the appropriate changes.
    I just recently got the OK to release the code I have to facilitate 1.4 NIO and SSL under the LGPL from the company with whom I work. Expect to see a link within a week or so.

  3. The wrapper creates non-blocking selectable channels from IO streams. The solution provided uses Pipes as described in:
    http://www.mail-archive.com/juglist@trijug.org/msg00867.html
    The wrapper only addresses the channel aspect of NIO (i.e. reading and writing). Little can be done (without creating a new NIO provider) to handle the connect and accept aspects.
    The performance results of the wrapper “aren’t bad” and application specific optimizations can be made (which is why it’s currently “boiler plate” code rather than a library) to bring up performance further.
    If I can be of further help, please let me know.

  4. Thanks for the comment Vicenc. What’s odd is that I’m almost *positive* that I tried that and got spurious results. I’m going to have to go back through my old code and see what is what.
    If in fact this does work, then that’s just freakin’ great!
    Thanks for the post!!!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s