This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I am using ssl between a client and a web service. I have installed certificates into the key stores and trust stores of both the client and web service. This results in mutual authentication of client and server.
In the client java app, I call a method in the web service, and then use the same Call object to call a different method in the web service.
Between the two method calls, I looked at the ssl debug text and saw the following. I commented out some of the data values just for brevity. My question is: Is this the proper amount of ssl communication after the initial handshake has taken place, or is this too mch ssl communication? It seems like a lot to me. I want the client to run as quickly as possible despite ssl, and want to optimize if possible.
I am not an expert in SSL, but my guess is that the amount of SSL communication you see is perfectly normal and that there is little you can do about it.
This is a problem with using SSL - it is "all or nothing". If you want to improve speed, I would suggest looking at XML encryption, with which you can encrypt selected parts of a SOAP message. You will also have more control over the encryption/decryption with XML encryption - for instance, decryption of the encrypted section of a SOAP message can be deferred to some later point in time.