hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Isaac Cruz Ballesteros (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCORE-444) When using HTTPS server with NoConnectionReuseStrategy, connections are not closed
Date Thu, 02 Feb 2017 11:37:51 GMT

    [ https://issues.apache.org/jira/browse/HTTPCORE-444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15849815#comment-15849815
] 

Isaac Cruz Ballesteros commented on HTTPCORE-444:
-------------------------------------------------

Oleg,
Thanks for your response, from this page: http://security.stackexchange.com/questions/82028/ssl-tls-is-a-server-always-required-to-respond-to-a-close-notify,
in particular in the second answer: _When the application protocol that goes within the SSL/TLS
tunnel is self-terminated, the close_notify is redundant, and can be dispensed with. Which
is exactly what happens in modern HTTPS_.

While I don't have a strong opinion on that, I have tested using HttpsUrlConnection from JDK
and the connection is not closed until I call urlConnection.disconnect() (and thus closed
by the client), which is not the case when using HTTP where the connection is closed immediately.
This is also the case with a C client using libcurl.

So I understand that the behavior of httpcore is 100% correct, but it seems the HTTPS clients
I tried do not implement that close-notify, meaning that connections are left open until there's
a timeout in either client or server.

Isaac

> When using HTTPS server with NoConnectionReuseStrategy, connections are not closed
> ----------------------------------------------------------------------------------
>
>                 Key: HTTPCORE-444
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-444
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.4.6
>            Reporter: Isaac Cruz Ballesteros
>            Priority: Minor
>
> I have a HTTPS server using NIO, and configured with NoConnectionReuseStrategy so that
connections are immediately closed after download. I'm extending AbstractHttpEntity and implementing
HttpAsyncContentProducer to produce the content which will be sent in response to a GET. When
all the content has been written in produceContent(), I call encoder.complete(). Basically
a basic HTTPS server handling file downloads.
> When using plain HTTP, after all data has been sent, ConnectionReuseStrategy,keepAlive()
gets called, it returns false and the connection is closed immediately from the server.
> But when using HTTPS, keepAlive() is called but it does not close the connection. I have
been following the code from that point, setting a breakpoint in keepAlive(), and I have the
impression that a new handshake is initiated (not 100% sure of this), sending some extra data
which causes the client to send a RST instead of a FIN when closing connection.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message