通过SSL连接到LDAP时，Glassfish延迟30秒

Question

我正在尝试使用GlassFish通过SSL连接到我公司的LDAP。除了有时连接需要很长时间外，一切都像预期的那样工作。

启用ssl调试后，我发现Change Cipher Spec有时会有30秒的延迟。延迟的示例如下所示。

[2020-06-18T09:11:51.806+0100] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=32 _ThreadName=Thread-8] [timeMillis: 1592467911806] [levelValue: 800] [[
  http-listener-1(1), WRITE: TLSv1.2 Handshake, length = 40]]

[2020-06-18T09:12:22.030+0100] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=32 _ThreadName=Thread-8] [timeMillis: 1592467942030] [levelValue: 800] [[
  http-listener-1(1), READ: TLSv1.2 Change Cipher Spec, length = 1]]

[2020-06-18T09:12:22.030+0100] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=32 _ThreadName=Thread-8] [timeMillis: 1592467942030] [levelValue: 800] [[
  http-listener-1(1), READ: TLSv1.2 Handshake, length = 40]]

下面是用于连接到LDAP的代码

final Hashtable<String, String> env = new Hashtable<String, String> ();

final String url = "ldaps://" + ldapHostAddress + ":" + ldapPort;

env.put (Context.SECURITY_PROTOCOL, "ssl");
env.put (Context.PROVIDER_URL, url);
env.put (Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put (Context.SECURITY_AUTHENTICATION, "simple");
env.put (Context.SECURITY_PRINCIPAL, principalDN);
env.put (Context.SECURITY_CREDENTIALS, principalPassword);

// Ensure the objectGUID is handled as a binary object, rather than a string.
env.put ("java.naming.ldap.attributes.binary", "objectGUID");

LdapContext connection = new InitialLdapContext (env, null);

从命令行运行这段代码似乎没有受到30延迟的影响，所以我只能假设这是GlassFish的问题。如有任何建议，我们将不胜感激。

Answer 1

事实证明，GlassFish在解析LDAP服务器的DNS名称时偶尔会遇到问题。用IP地址替换DNS名称消除了执行握手时的延迟。