Troubleshooting
Problem
WebSphere Application Server users will experience performance degradation with a default SSL cipher. Vulnerable RC4 ciphers are now removed from the default SSL cipher list, where AES and 3DES ciphers remain. Hence, encryption and decryption overhead increases as stronger default ciphers are used.
Symptom
Lower throughput and higher CPU utilization will occur due to higher overhead from stronger default SSL ciphers.
In addition, highest encryption and decryption overhead will be experienced on hardware which lacks instructions sets optimized for encryption algorithms like AES.
Cause
Increased encryption and decryption overhead derives from using a stronger default SSL cipher.
Environment
WebSphere Application Server users who use a default SSL cipher.
Diagnosing The Problem
Throughput and CPU utilization measurements will help determine that SSL has a higher overhead. Also, a JVM profile can show that such overhead is confined to SSL message encryption and decryption calls.
Resolving The Problem
Higher overhead is a necessary trade-off for using stronger encryption algorithms. RC4 ciphers are considered to be vulnerable. Thus, we recommend that WebSphere Application Server users employ secure ciphers, like those available in the default SSL cipher list.
Also, WebSphere Application Server users can verify whether their hardware processors support instruction sets which improve the speed of stronger encryption algorithms like AES.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21957774