public class TLSDecoder
extends com.hazelcast.internal.networking.InboundHandler<ByteBuffer,ByteBuffer>
A OutboundHandler responsible
for decoding TLS traffic.
This TLSDecoder will decode to the application buffer and then it will get copied
to the dst buffer. Although this requires a useless copy, directly decoding to the
dst buffer has some serious implications. There is a very significant performance
drop for the SSLEngine if this is done.
Normally the dst ByteBuffer will be the buffer used for decoding, so no
intermediate copy of the data is needed as was the case in HZ 3.10 and older.
But if the dst ByteBuffer is too small to decode, an intermediate 'appBuffer'
will be used for decoding purposes. So src->appBuffer->dst. This is a very
concrete problem with the ProtocolDecoder that only has a buffer of 3 bytes,
and will not be accepted by the SSLEngine for unwrapping even though there
might only 3 bytes to decode.
The TLS decoder should have preferable a large src buffer; if this buffer is
used to read data from the socket, it should read as much data as possible without
needing to go to the socket again.
However the dst buffer should not be a lot bigger than the packetBuffer size; because
we want to push the decoded bytes through the pipeline as fast as possible.
Ideally the TLSDecoder would not be creating the src buffer; but the destination
buffer.