openHAB GUI very slow over HTTPS

I have openHAB running on a BananaPi. Whenever I try to access the GUI via my laptop or iOS over HTTPS there’s delays of 10-30s between getting the site to load or to move through group and items.

What’s odd is I have no delays when accessing via HTTP with no SSL.

Whenever I try to access via HTTPS/SSL I see the following line in the openhab.log.

2016-06-28 21:31:54.510 [WARN ] [org.eclipse.jetty.io.nio ] - javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

BananPi OS:
$ uname -a
Linux media-pi 3.4.90 #2 SMP PREEMPT Tue Aug 5 14:11:40 CST 2014 armv7l armv7l armv7l GNU/Linux

I see that warning all the time. I don’t think it is relevant to what you are seeing.

What is the CPU doing on your Pi when serving an SSL request? Is it pegged at 100% or doing nothing?

I don’t think that warning message has something to do with https/ssl directly:
I too see this message very often, but only when my son connects with his iPhone, I don’t see that message when other family members are connecting via Android or any browser (over https).
So it seems to be related to ssl, but only with iOS.

You’re right. CPU % usage is spiking dramatically when accessing via HTTPS.

When I access the GUI (tested via Chrome) and see a delay, my CPU % spikes between 100-200% with about 4 openHAB processes running each taking approx. 48% CPU%.

Oddly I do see the same WARN error in openhab.log if I access via HTTPS using iOS or Chrome on both a laptop and iPhone.

Tested just again:
Firefox, Win 10, accessing https, no warn message in log.
Chrome, Win 10, accessing https: warn message in log (never tested that before).
AND: in Chrome I get a message (translated): unsecure connection, the https in the status line is crossed out with a red line.

Maybe this helps to narrow down the problem …

The CPU spike implies to me that either the Banana Pi doesn’t have hardware acceleration for encryption or something else weird is going on causing it to be unable to encrypt the traffic. I’d open an issue on github about this to see if there is a bug in the SW or if it can be overcome through the software.

I ran into similar performance issues with my Raspberry Pi 2-based setup. I think that the delay is caused by processing the key exchange. My solution was to route SSL to my Raspberry Pi 2 through haproxy running on a full-power server on my network. That server does ssl offloading, i.e., it communicates with the client via SSL but communication with the Raspberry Pi 2 is not encrypted.

It must be to do with how openHAB implements SSL then. I run a few other applications on my box like webmin which I believe all use OpenSSL. There seems to be no performance impacts on using these services when using HTTPS.

I’ll log an issue report on GitHub and hopefully get it resolved.

I tried posting this as an issue on GitHub as suggested but the issue got closed a day later and I was informed to post in the forums first. Which I’ve done with this thread.

Is there anything else anyone can suggest?