hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernd Eckenfels <e...@zusammenkunft.net>
Subject Re: SSL Handshake : timing and timeout
Date Tue, 15 Nov 2016 21:42:25 GMT
Hello,
A loop can IMHO only happen if one site violates thenprotocol and the other does not catch
it. So it is seldom. A request- or header- Timeout would include it. But if you want to also
abort connects in a delayed handshake then you would would need to watch the progress with
a timer or watchdog thread yourself, there is no sslsocket level Timeout for it.
If you detect exceeding timeouts you can close the socket, that will abort all pending operations.
(In some situations it sends ssl shutdown messages if you close a SSL socket so for that reaper
thread it might be better to directly close the physical socket object (to the proxy)
Not sure if http client has a especially rude cancel method to trigger this?
Gruss
Bernd
-- 
http://bernd.eckenfels.net




On Tue, Nov 15, 2016 at 8:52 PM +0100, "Philippe Mouawad" <philippe.mouawad@gmail.com>
wrote:










Hello,
Maybe my thinking is stupid, but isn't there some use cases where SOcket
does not timeout but a loop can occur in handshake ?
My idea is to have a timeout on the handshake process.

Regards

On Sat, Nov 12, 2016 at 4:26 PM, Oleg Kalnichevski  wrote:

> On Fri, 2016-11-11 at 11:01 +0100, Stefan Magnus Landrø wrote:
> > True. The way SSL sockets are created is complex stuff. They are layered
> > and I believe the handshake is async - maybe Oleg could clarify?
> >
>
> There is nothing special or unusual about SSL/TLS handshakes. They
> involve multiple IP packet exchanges over a TCP connection. Standard
> socket settings fully apply.
>
> Oleg
>
> > Anyways - We ran into an issue a few years ago with an SSL handshake
> taking
> > for ever (a switch was dropping packets of a certain size ... ), and
> > tracked our hanging threads down to blocking because the SoTimeout was
> set
> > to 0 by default. Changing this prevented threads from hanging for ever.
> >
> > Ref javadoc:
> >
> > Determines the default socket timeout value for non-blocking I/O
> operations.
> >
> > 2016-11-11 10:01 GMT+01:00 Philippe Mouawad  >:
> >
> > > Thanks but I see not property related to Ssl Handshake timeout.
> > >
> > > Regards
> > >
> > > On Friday, November 11, 2016, Stefan Magnus Landrø <
> > > stefan.landro@gmail.com>
> > > wrote:
> > >
> > > > https://hc.apache.org/httpcomponents-client-ga/
> > > > httpclient/apidocs/org/apache/http/impl/client/
> HttpClientBuilder.html#
> > > > setDefaultSocketConfig(org.apache.http.config.SocketConfig)
> > > >
> > > > 2016-11-11 9:34 GMT+01:00 Philippe Mouawad <
> philippe.mouawad@gmail.com
> > > > >:
> > > >
> > > > > Thank you Stefan
> > > > > Could you point me to some doc ?
> > > > >
> > >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>


-- 
Cordialement.
Philippe Mouawad.






Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message