I have question about SSL on the server side like Tomcat or Oracle app server. My question is when a client initiates a https request say https://server:port/xapp/test.jsp, first thing that happens is SSL negotiation between the client and the server. Though the actual https request is served by some well defined thread say https-thread-1 on the server, is it the same https-thread-1 that does the SSL negotiation (e.g. which involves replying back ServerHello to ClientHello message) ? I believe there must be a thread that would do a SSL nego on the server side but I want to know which thread would do this.
No reply to this ??
I also gave some thoughts to this. Is the SSL negotiation handled by some NIO (event based IO) threads on the server side, can someone confirm ? My problem is that recently in one of the production servers, we encountered an issue wherein if all the http threads on the server side are busy doing some work, initial SSL negotiation is taking long time. Packet capture showed that server sent ServerHello packet 20 secs after receiving the ClientHello packet. If the http thread is very different from the thread that does the SSL nego, why this delay ?