Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-60152

Running Confluence with Oracle Database Native Network Encryption Degrades Performance or Causes Outages

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Highest Highest
    • 7.14.0
    • 6.0.1, 6.13.10, 6.15.1, 7.0.1, 7.4.0
    • Security
    • None

      Issue Summary

      Oracle provides a feature called Native Network Encryption: ORACLE-BASE - Native Network Encryption for Database Connections This feature was previously part of the Advanced Security Option license, and provides connection encryption without requiring client side configuration.

      When this feature is enabled, it adds 350ms+ to the time required to establish a database connection. This alone will cause noteworthy performance degradation, but when combined with the default database connection pool manager in Confluence, c3p0, it can cause intermittent outages and extreme performance degradation.

      Oracle have stated that this latency is working as intended: Slow Connection Using 12c Client When Network Encryption Is Enabled

      Steps to Reproduce

      1. Install any version of Confluence
      2. Install Oracle DB 11g or later with Native Network Encryption enabled
      3. Introduce load to the system
      4. Monitor Confluence for delayed or timeout responses

      Expected Results

      Confluence should work as per normal.

      Actual Results

      There is a prolonged delay in establishing database connections that causes c3p0 to get stuck in a loop of attempting to obtain additional database connections. As obtaining these database connections is slow, this will take longer than normal.

      Confluence will remain unresponsive until it reaches the c3p0 maximum pool size for the node.

      This issue will not be visible in the logs by default, but the following KB provides additional details on how to diagnose this issue: Confluence Unresponsive Due to High Database Connection Latency

      Workaround

      A workaround is detailed on this KB: Confluence Unresponsive Due to High Database Connection Latency

      However, it may be preferably to implement SSL to the database with proper certificate exchange, or disable Native Network Encryption entirely.

          Form Name

            [CONFSERVER-60152] Running Confluence with Oracle Database Native Network Encryption Degrades Performance or Causes Outages

            Ian Burrows added a comment - - edited

            Yes the backport for LTS 7.13 would also interest us.

            Ian Burrows added a comment - - edited Yes the backport for LTS 7.13 would also interest us.

            dluong What about Jira's latest LTS version (7.13.X)? This bug fix wasn't backported so far. When will this happen?

            Dennis Rankl added a comment - dluong What about Jira's latest LTS version (7.13.X)? This bug fix wasn't backported so far. When will this happen?

            Minh Tran added a comment -

            A fix for this issue is available to Server and Data Center customers in Confluence 7.14.0
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Minh Tran added a comment - A fix for this issue is available to Server and Data Center customers in Confluence 7.14.0 Upgrade now or check out the Release Notes to see what other issues are resolved.

              dluong Duy Truong Luong
              jponting James Ponting
              Affected customers:
              3 This affects my team
              Watchers:
              36 Start watching this issue

                Created:
                Updated:
                Resolved: