0

We were using DropWizard 1.1.6 (which comes with Jetty 9.4.6), and then we moved to Dropwizard 1.3.5(which comes with Jetty 9.4.11).

When doing couple of performance benchmark runs, we saw a clear latency increase in our APIs(which accepts Http requests in Json and calling couple of backend Http services) and didn't meet our previous SLA.

So we kept Dropwizard 1.3.5 as is, but packed Jetty 9.4.6 back. With that we see some improvement.

Have anybody noticed such 2x-3x latency increase(about total >500ms) in these jetty versions/dropwizard ?

Subash
  • 11
  • 2
  • 1
    Jetty 9.4.6 is vulnerable and has multiple CVE's associated with it. It also has bugs with HTTP handling that doesn't finish responses properly. Your not comparing apples to apples here. – Joakim Erdfelt Jan 14 '19 at 23:33
  • I agree that this is not apple-apple comparison. But to rule out that fact, we kept everything same and just downgrade jetty to make sure Jetty has a problem. But given the type of issues you mentioned, we will definitely consider moving to a latest version lile 9.4.14. – Subash Jan 16 '19 at 13:21
  • If you are using TLS/SSL you also have many vulnerable Cipher Suites disabled in the Jetty 9.4.14 (vs 9.4.6). The performance impact you are seeing can be explained by those changes alone (as the more secure Cipher Suites are not as fast as the vulnerable ones) – Joakim Erdfelt Jan 17 '19 at 20:13
  • If you want to understand the differences, you would be best to start a conversation on either https://accounts.eclipse.org/mailing-list/jetty-users or https://github.com/eclipse/jetty.project/issues (as your question isn't programming related, per the rules for stackoverflow) – Joakim Erdfelt Jan 17 '19 at 20:15

0 Answers0