Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-60152

Running Confluence with Oracle Database Native Network Encryption Degrades Performance or Causes Outages

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Short Term Backlog (View Workflow)
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 6.0.1, 6.15.1, 7.0.1, 6.13.10, 7.4.0
    • Fix Version/s: None
    • Component/s: Server - Platform
    • Labels:
      None

      Description

      Issue Summary

      Oracle provides a feature called Native Network Encryption: ORACLE-BASE - Native Network Encryption for Database Connections This feature was previously part of the Advanced Security Option license, and provides connection encryption without requiring client side configuration.

      When this feature is enabled, it adds 350ms+ to the time required to establish a database connection. This alone will cause noteworthy performance degradation, but when combined with the default database connection pool manager in Confluence, c3p0, it can cause intermittent outages and extreme performance degradation.

      Oracle have stated that this latency is working as intended: Slow Connection Using 12c Client When Network Encryption Is Enabled

      Steps to Reproduce

      1. Install any version of Confluence
      2. Install Oracle DB 11g or later with Native Network Encryption enabled
      3. Introduce load to the system
      4. Monitor Confluence for delayed or timeout responses

      Expected Results

      Confluence should work as per normal.

      Actual Results

      There is a prolonged delay in establishing database connections that causes c3p0 to get stuck in a loop of attempting to obtain additional database connections. As obtaining these database connections is slow, this will take longer than normal.

      Confluence will remain unresponsive until it reaches the c3p0 maximum pool size for the node.

      This issue will not be visible in the logs by default, but the following KB provides additional details on how to diagnose this issue: Confluence Unresponsive Due to High Database Connection Latency

      Workaround

      A workaround is detailed on this KB: Confluence Unresponsive Due to High Database Connection Latency

      However, it may be preferably to implement SSL to the database with proper certificate exchange, or disable Native Network Encryption entirely.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              jponting James Ponting
              Votes:
              1 Vote for this issue
              Watchers:
              13 Start watching this issue

                Dates

                Created:
                Updated: