[ https://issues.apache.org/jira/browse/HTTPCLIENT-2173?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409541#comment-17409541 ]
Oleg Kalnichevski commented on HTTPCLIENT-2173:
-----------------------------------------------
[~horyukova] I deployed the image, ran the test and got the expected message
exchange with curl
{noformat}
oleg@ok2c:~/src/personal/docker_images/async$ curl -v --cacert ./localhost.crt https://localhost:12345/
* Trying 127.0.0.1:12345...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 12345 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: ./localhost.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=RU; ST=Rus; L=Spb; O=localhost; OU=localhost; CN=localhost; emailAddress=localhost
* start date: Aug 24 19:38:49 2021 GMT
* expire date: Aug 24 19:38:49 2022 GMT
* common name: localhost (matched)
* issuer: C=RU; ST=Rus; L=Spb; O=localhost; OU=localhost; CN=localhost; emailAddress=localhost
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x562872544e10)
> GET / HTTP/2
> Host: localhost:12345
> user-agent: curl/7.68.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< server: nginx/1.18.0
< date: Fri, 03 Sep 2021 14:41:42 GMT
<
* Connection #0 to host localhost left intact
{noformat}
I am not sure how it is relevant to the original issue report regarding older
nginx's behavior with TLS1.2 and http/1.1.
Please clarify.
Oleg
> Connection is unexpectedly closed with http1.1, TLS, old nginx
> ---------------------------------------------------------------
>
> Key: HTTPCLIENT-2173
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2173
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (async)
> Affects Versions: 5.0.4, 5.1
> Environment: nginx version older 1.18.0
> Reporter: Vitalina Komarova
> Priority: Major
> Fix For: 5.1.1, 5.2-alpha1
>
> Attachments: broken_async_5_1.txt, broken_async_snapshot.txt,
> ok_async_without_body_5_1.txt, ok_sync_5_1.txt
>
>
> Hello.
> We use AsyncHttpClient from Apache HttpClient5 (version 5.1).
> We faced an error when the connection is unexpectedly closed using TLS, forced
> HTTP/1.1, and nginx version older than 1.18.0.
> In the log below the server responds with 200 OK and an empty body.
> We can see response headers but connection is prematurely closed.
> {code}
> [2021-08-16T20:22:50.950+03:00] … [headers] c-0000000000 << HTTP/1.1 200 OK
> [2021-08-16T20:22:50.950+03:00] … [headers] c-0000000000 << Server: nginx
> [2021-08-16T20:22:50.950+03:00] … [headers] c-0000000000 << Date: Mon, 16 Aug 2021 17:22:50 GMT
> [2021-08-16T20:22:50.951+03:00] … [headers] c-0000000000 << Content-Type: text/html; charset=UTF-8
> [2021-08-16T20:22:50.951+03:00] … [headers] c-0000000000 << Connection: close
> [2021-08-16T20:22:50.951+03:00] … [headers] c-0000000000 << Set-Cookie: <masked cookie>; expires=Sat, 21-Aug-2021 17:22:50 GMT; Max-Age=432000; path=/
> [2021-08-16T20:22:50.951+03:00] … [headers] c-0000000000 << Expires: Thu, 19 Nov 1981 08:52:00 GMT
> [2021-08-16T20:22:50.951+03:00] … [headers] c-0000000000 << Cache-Control: no-store, no-cache, must-revalidate
> [2021-08-16T20:22:50.951+03:00] … [headers] c-0000000000 << Pragma: no-cache
> [2021-08-16T20:22:50.954+03:00] … [HttpAsyncMainClientExec] ex-0000000001 consume response HTTP/1.1 200 OK, entity len -9223372036854775807
> [2021-08-16T20:22:50.967+03:00] … [HttpAsyncMainClientExec] ex-0000000001 execution failed: Connection is closed
> [2021-08-16T20:22:50.968+03:00] … [InternalAbstractHttpAsyncClient] ex-0000000001 request failed: Connection is closed
> [2021-08-16T20:22:50.968+03:00] … [PoolingAsyncClientConnectionManager] ep-0000000000 close IMMEDIATE
> [2021-08-16T20:22:50.968+03:00] … [DefaultManagedAsyncClientConnection] c-0000000000 Shutdown connection IMMEDIATE
> {code}
>
> That happens with the almost default configuration of the HTTP client (only
> versionPolicy and tlsStrategy are configured).
> To reproduce such behavior all of these conditions must be met:
> 1) Server must be accessed via nginx version older than 1.18.0 (I tested 1.16.1
> and 1.18.0);
> 2) A request contains a body;
> 3) A response doesn't contain "Content-Length" header;
> 4) TLS is used.
> 5) HTTP/1.1 is used.
>
> I think there is a bug. We've tried httpclient5 (classic, version 5.1) and
> AsyncHttpClient (Netty based). Both of them work correctly.
>
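The response in the quoted log carries `Connection: close` and neither `Content-Length` nor `Transfer-Encoding`, so under RFC 7230 section 3.3.3 its body is delimited by the connection closing. The following triage script is an added example, not code from the reporter or from HttpClient: it reads header wire-log lines in the format quoted above and flags HTTP/1.1 responses framed that way. The sample log is constructed from the quoted lines (timestamps shortened), and the function names are hypothetical.

```python
import re

# Constructed sample in the wire-log format quoted in the report.
SAMPLE_LOG = """\
[t1] [headers] c-0000000000 << HTTP/1.1 200 OK
[t1] [headers] c-0000000000 << Server: nginx
[t1] [headers] c-0000000000 << Content-Type: text/html; charset=UTF-8
[t1] [headers] c-0000000000 << Connection: close
[t2] [headers] c-0000000001 << HTTP/1.1 200 OK
[t2] [headers] c-0000000001 << Content-Length: 0
[t2] [headers] c-0000000001 << Connection: keep-alive
"""

HEADER_LINE = re.compile(r"\[headers\]\s+(c-\d+)\s+<<\s+(.*)$")
STATUS_LINE = re.compile(r"HTTP/(\d\.\d)\s+(\d{3})")

def parse_responses(log_text):
    """Group inbound ('<<') header lines by connection id into responses."""
    responses, current = [], {}
    for line in log_text.splitlines():
        m = HEADER_LINE.search(line)
        if not m:
            continue  # not a header wire-log line
        conn, text = m.groups()
        status = STATUS_LINE.match(text)
        if status:  # a status line starts a new response on this connection
            current[conn] = {"conn": conn, "version": status.group(1),
                             "status": int(status.group(2)), "headers": {}}
            responses.append(current[conn])
        elif conn in current and ":" in text:
            name, value = text.split(":", 1)
            current[conn]["headers"][name.strip().lower()] = value.strip()
    return responses

def framing(resp):
    """Body framing per RFC 7230 section 3.3.3, for a response to a non-HEAD request."""
    headers = resp["headers"]
    if resp["status"] < 200 or resp["status"] in (204, 304):
        return "no-body"
    # Simplification: any 'chunked' token is treated as the final coding.
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return "chunked"
    if "content-length" in headers:
        return "content-length"
    return "close-delimited"

def close_delimited(log_text):
    """Connection ids whose HTTP/1.1 response body ends only at connection close."""
    return [r["conn"] for r in parse_responses(log_text)
            if r["version"] == "1.1" and framing(r) == "close-delimited"]
```
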