Issue #9459 has been updated by Tomoyuki Chikanaga.

Status changed from Open to Assigned

----------------------------------------
Bug #9459: Net::HTTP initializes openssl library after TCP connection is established
https://bugs.ruby-lang.org/issues/9459#change-45461

* Author: Josh C
* Status: Assigned
* Priority: Normal
* Assignee: Yui NARUSE
* Category: lib
* Target version: current: 2.2.0
* ruby -v: ruby 1.8.7 (2012-02-08 patchlevel 358) [universal-darwin12.0]
* Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
When making an HTTPS connection, the Net::HTTP#connect method makes the following calls:

1. TCPSocket.new
2. OpenSSL:SSL::SSLContext.new
3. OpenSSL:SSL:SSLSocket.connect

Here is a link to the [2.1.0](https://github.com/ruby/ruby/blob/v2_1_0/lib/net/http.rb#L877-L920) version, though the basic sequence is the same in trunk and as far back as 1.8.7, possibly earlier.

The problem is that between step 1 and 3, the server must keep the TCP socket open while the SSL client calls OpenSSL:SSL::SSLContext.new. The first time this code path is taken, step 2 has the side effect of initializing the OpenSSL library. This can take a non-trivial amount of time, and is made worse when several clients start at the same time.

I would suggest that the order of operations be switched to:

1. OpenSSL:SSL::SSLContext.new
2. TCPSocket.new
3. OpenSSL:SSL:SSLSocket.connect

I've attached a patch that shows this. It is based off of trunk.

Thank you

---Files--------------------------------
net_http_connect.patch (742 Bytes)


-- 
http://bugs.ruby-lang.org/