tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: SSL Socket does not timeout when no handshake occurs
Date Tue, 13 Jan 2004 05:12:37 GMT
Your patch has been applied, and will be available in TC 5.0.17 & 4.1.30.

----- Original Message ----- 
From: "Alex Chan" <alexch@nortelnetworks.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: Sunday, January 11, 2004 9:40 PM
Subject: SSL Socket does not timeout when no handshake occurs


> I have found that if a connection is initiated on the SSL port but the
> client does not participate in the SSL handshake, the socket seems to hang
> around indefinitely. The test I used was to telnet to the secure port
> without typing/sending any further data.
>
> When doing the same to the non-secure port, the socket will timeout
> according to the connectionTimeout parameter.
>
> I noticed in the code PoolTcpEndPoint.java, in the TcpWorkerThread.runIt()
> method, that
> endpoint.setSocketOptions(s) is called after
> endpoint.getServerSocketFactory().handshake(s).
> I tried moving the call to setSocketOptions() before handshake() and the
SSL
> socket times out according to the connectionTimeout.
>
> As I am a relatively new Tomcat user, I'm not sure what are the
> impact/implications of this change.
> Any feedback, particularly as to whether you agree this is a problem,
would
> be most appreciated.
>
> Thanks in advance,
> - Alex
>


Mime
View raw message