[jira] [Commented] (HTTPCLIENT-2134) HttpClient doesn't reuse TLS 1.2 Session

Mon, 08 Feb 2021 07:48:09 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281156#comment-17281156
 ] 

Oleg Kalnichevski commented on HTTPCLIENT-2134:
-----------------------------------------------

[~m_v_egorov] What is _exactly_ HttpClient does incorrectly in this particular 
case? HttpClient makes no attempts to interfere with TLS session management. It 
merely relies on the default behavior of the active JSSE provider. 

What I can see however is that TLS connections do not seem to be correctly 
terminated which may lead to the client side not re-using active TLS sessions. 
However it do not see how this can be an HttpClient's fault.
{noformat}
2021/02/08 16:44:10:399 CET [DEBUG] DefaultManagedHttpClientConnection - 
http-outgoing-0: Close connection
javax.net.ssl|DEBUG|01|main|2021-02-08 16:44:10.399 
CET|SSLSocketImpl.java:560|duplex close of SSLSocket
javax.net.ssl|DEBUG|01|main|2021-02-08 16:44:10.401 
CET|SSLSocketImpl.java:1623|close the underlying socket
javax.net.ssl|DEBUG|01|main|2021-02-08 16:44:10.402 
CET|SSLSocketImpl.java:1642|close the SSL connection (initiative)
javax.net.ssl|DEBUG|01|main|2021-02-08 16:44:10.402 
CET|SSLSocketImpl.java:728|close inbound of SSLSocket
javax.net.ssl|WARNING|01|main|2021-02-08 16:44:10.403 
CET|SSLSocketImpl.java:581|SSLSocket duplex close failed (
"throwable" : {
  java.net.SocketException: Socket is closed
        at java.base/java.net.Socket.shutdownInput(Socket.java:1539)
        at 
java.base/sun.security.ssl.BaseSSLSocketImpl.shutdownInput(BaseSSLSocketImpl.java:218)
        at 
java.base/sun.security.ssl.SSLSocketImpl.shutdownInput(SSLSocketImpl.java:743)
        at 
java.base/sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:693)
        at 
java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:653)
        at 
java.base/sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:566)
        at 
org.apache.http.impl.BHttpConnectionBase.close(BHttpConnectionBase.java:320)
        at 
org.apache.http.impl.conn.LoggingManagedHttpClientConnection.close(LoggingManagedHttpClientConnection.java:81)
        at 
org.apache.http.impl.conn.CPoolEntry.closeConnection(CPoolEntry.java:70)
        at org.apache.http.impl.conn.CPoolEntry.close(CPoolEntry.java:96)
        at 
org.apache.http.pool.AbstractConnPool.getPoolEntryBlocking(AbstractConnPool.java:334)
        at 
org.apache.http.pool.AbstractConnPool.access$300(AbstractConnPool.java:70)
        at 
org.apache.http.pool.AbstractConnPool$2.get(AbstractConnPool.java:253)
        at 
org.apache.http.pool.AbstractConnPool$2.get(AbstractConnPool.java:198)
        at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.leaseConnection(PoolingHttpClientConnectionManager.java:306)
        at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager$1.get(PoolingHttpClientConnectionManager.java:282)
        at 
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:190)
        at 
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at 
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
        at testing.Testing2.main(Testing2.java:36)}
{noformat}  

Oleg

> HttpClient doesn't reuse TLS 1.2 Session
> ----------------------------------------
>
>                 Key: HTTPCLIENT-2134
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2134
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.13, 5.0.3
>            Reporter: Maxim Egorov
>            Priority: Major
>         Attachments: TestApacheHttpClientApp.java, handshake.log
>
>
> To reproduce run on java 11+:
> java -cp ... -Djavax.net.debug=ssl:handshake TestApacheHttpClientApp
> As you can see from handshake.log file HttpClient always create new tls 
> session.
> The root of problem is support of Extended Master Key Extension in 
> [https://github.com/openjdk/jdk/blob/jdk-11+28/src/java.base/share/classes/sun/security/ssl/ClientHello.java#L497.]
>  The standard jdk HttpURLConnection doesn't be affected this issues because 
> of it sets chc.sslConfig.identificationProtocol equals to HTTPS by default 
> [https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java#L560.]
>  I tried to repeat the same trick (The commented code), but due to the bugs 
> of JDK [https://bugs.openjdk.java.net/browse/JDK-8253368] and may be 
> incorrect implementation of method 
> org.apache.http.impl.BHttpConnectionBase.close it doesn't work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to