tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Chan" <ale...@nortelnetworks.com>
Subject SSL Socket does not timeout when no handshake occurs
Date Mon, 12 Jan 2004 05:40:37 GMT
I have found that if a connection is initiated on the SSL port but the
client does not participate in the SSL handshake, the socket seems to hang
around indefinitely. The test I used was to telnet to the secure port
without typing/sending any further data.

When doing the same to the non-secure port, the socket will timeout
according to the connectionTimeout parameter.

I noticed in the code PoolTcpEndPoint.java, in the TcpWorkerThread.runIt()
method, that
endpoint.setSocketOptions(s) is called after
endpoint.getServerSocketFactory().handshake(s).
I tried moving the call to setSocketOptions() before handshake() and the SSL
socket times out according to the connectionTimeout.

As I am a relatively new Tomcat user, I'm not sure what are the
impact/implications of this change.
Any feedback, particularly as to whether you agree this is a problem, would
be most appreciated.

Thanks in advance,
- Alex

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message