Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop support for windows #897

Open
normanmaurer opened this issue Oct 29, 2024 · 23 comments
Open

Drop support for windows #897

normanmaurer opened this issue Oct 29, 2024 · 23 comments

Comments

@normanmaurer
Copy link
Member

I propose to drop support for windows and just focus on linux / macOS. Users of windows can just use the JDK implementation for SSL

@normanmaurer
Copy link
Member Author

/cc @vietj @slandelle @trustin @chrisvest @ejona86 @franz1981

@franz1981
Copy link

I am not aware of anything bad with it, but let me summon @cescoffier here

@cescoffier
Copy link

+1

@normanmaurer
Copy link
Member Author

/cc @violetagg

@slandelle
Copy link

I’m fine with it. What’s less work for you.

@violetagg
Copy link
Member

+1

@ejona86
Copy link
Member

ejona86 commented Oct 29, 2024

CC @matthewstevenson88 @rmehta19

@ejona86
Copy link
Member

ejona86 commented Oct 29, 2024

CC @kannanjgithub

@vietj
Copy link
Contributor

vietj commented Oct 29, 2024

@normanmaurer I'm fine with that

@chrisvest
Copy link
Member

chrisvest commented Oct 29, 2024

I'm biased, but I'm in favor. We already don't support any native transports for Windows.

@zekronium
Copy link
Contributor

zekronium commented Nov 19, 2024

Isin't the windows JDK implementation much worse performance wise than BoringSSL?

@normanmaurer
Copy link
Member Author

@zekronium maybe ? Honestly I don't know ... That said no-one of our core developers has any use-case for windows so I feel we should better invest our energy in things that matter to us :)

@normanmaurer
Copy link
Member Author

@ejona86 so any concerns from the GRPC side or not ?

@trustin
Copy link
Member

trustin commented Nov 20, 2024

I'm fine with dropping Windows support, but I'm curious about why. Is it because of complex build and release process?

@zekronium
Copy link
Contributor

Windows seems least complex to build atleast for me. What is windows specific here that requires/required significant amount of maintenance work?

@normanmaurer
Copy link
Member Author

It's more about that if something does not work no-one will be able to fix it...

@zekronium
Copy link
Contributor

Has that happened?

@ejona86
Copy link
Member

ejona86 commented Dec 4, 2024

Since it's been quite a while since I checked, on Linux with a random gRPC throughput benchmark (TransportBenchmark.streamingCallsByteThroughput) running on my relatively old laptop, I see:

Implementation Performance
JDK 8 ~240 MB/s
JDK 11 ~360 MB/s
JDK 17 ~530 MB/s
JDK 21 ~500 MB/s
JDK 8 w/ tcnative ~600 MB/s
JDK 8 w/ Conscrypt ~600 MB/s
JDK 21 w/ tcnative ~590 MB/s

Not intended to be scientific. I didn't check what ciphers were selected. Assuming this to be a "best case" scenario and anything halfway resembling this on Windows, Java 8/11 users would easily notice dropping tcnative. I think in gRPC we'd look at using Conscrypt even when it isn't installed as a security provider.

@zekronium
Copy link
Contributor

What about JDK21 + tcnative @ejona86

@ejona86
Copy link
Member

ejona86 commented Dec 4, 2024

@zekronium, I had assumed it'd be basically the same as JDK8+tcnative. I just ran a test and saw ~590 MB/s. That's essentially the same given the noise in my test. I've updated the table.

@zapek
Copy link

zapek commented Dec 21, 2024

tcnative works fine on Windows, I use it for my project. Also it's open source so anyone can fix it, if needed.

I would understand if it was a pain to maintain and it was frequently broken but it doesn't seem to be the case.

@zapek
Copy link

zapek commented Jan 2, 2025

Well, actually after doing some benchmarks I didn't see much speed differences between SslProvider.JDK and Sslprovider.OPENSSL_REFCNT so I removed it (as a bonus, it's easier to build the docker image and I don't have to cleanup the DLLs left over in Windows' temp folder).

@valodzka
Copy link

valodzka commented Jan 9, 2025

I rely on tcnative on Windows for accessing advanced TLS/cryptographic features through OpenSSL/BoringSSL that aren't available in the JDK's default provider. While I understand maintaining Windows support requires additional resources, I'd strongly advocate for retaining it unless there are major technical blockers, as it enables important security capabilities beyond the JDK's native functionality.

While I'm not an expert in Java/native integration, I'm willing to contribute to resolving Windows-specific issues if problems arise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests