Seeking to improve initial SSL Handshake to HTTPS url from Oracle database. We're seeing a significate delay (10+ seconds) for the initial callout to an HTTPS URL. Subsequent callouts to the same URL host return in under .5 seconds. With java DEBUG=ALL, we see a 9-10 second delay right at the start performing "keyLimits" (see below). After returning from keyLimits, java runs through a long list of "Ingoring" disabled and unsupported cipher suite messages. Can something be done to improve performance in this area of the handshake?
javax.net.ssl|FINE|01|Root Thread|2024-02-23 11:35:17.663 GMT-06:00|SSLContextImpl.java:425|System property jdk.tls.client.cipherSuites is set to 'null'
javax.net.ssl|FINE|01|Root Thread|2024-02-23 11:35:17.716 GMT-06:00|SSLContextImpl.java:425|System property jdk.tls.server.cipherSuites is set to 'null'
javax.net.ssl|FINE|01|Root Thread|2024-02-23 11:35:26.034 GMT-06:00|SSLCipher.java:438|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|FINE|01|Root Thread|2024-02-23 11:35:27.554 GMT-06:00|SSLContextImpl.java:399|Ignore disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|Root Thread|2024-02-23 11:35:27.560 GMT-06:00|SSLContextImpl.java:408|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|FINE|01|Root Thread|2024-02-23 11:35:27.567 GMT-06:00|SSLContextImpl.java:399|Ignore disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|Root Thread|2024-02-23 11:35:27.570 GMT-06:00|SSLContextImpl.java:408|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SQL> exec dbms_output.put_line(dbms_java.getversion)
19.0.0.0.240116
I tried setting jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites to the expected ciphers to reduce cipher volume, but that only seem to make matters worse.