Hi
I'm configing SSL to support HTTPS on TOMCAT 5.5. So I referred to "http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html" which elaborates on how to implement SSL.
Document describe two ways to implement SSL namely APR implementation, JSSE implementation. I wonder the difference between them, including their shortcomings and advantages.
Regards Thanks
The difference is that the JDK is using it's own SSL implementation, while the APR it's using what's installed on the computer, i.e. OpenSSL in most cases.
If you have low to medium traffic for https, the Java solution is just fine, but for very heavy loading (e.g. when most pages run on https), the OpenSSL native solution is much better, and it can be recompiled and optimized, so it will run even faster and consume less resources. The main disadvantage of APR+OpenSSL however is that it requires more configuration and tuning + testing, the Java version working simply out-of-the box.
What I usually do, is to always use the default Java SSL solution together with monitoring tools, and if the traffic turns heavy, than, and only than spend the effort to tune the APR solution.