Chris Ridd created HTTPCORE-685:
-----------------------------------
Summary: I/O dispatch threads spin after lots of TLSv1.3
connections
Key: HTTPCORE-685
URL: https://issues.apache.org/jira/browse/HTTPCORE-685
Project: HttpComponents HttpCore
Issue Type: Bug
Components: HttpCore NIO
Affects Versions: 4.4.14, 4.4.13
Environment: java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64
(11.0.2.12+7-LTS).
Reporter: Chris Ridd
Attachments: AsyncExample.java, SyncExample.java
When I run a Qualys VMDR scan against your example {{NHttpFileServer}} server,
which is adjusted to only allow TLSv1.3, I see the two I/O-dispatch threads
spinning, and a number of sockets (~20) never closing.
The adjusted example code is attached: [^AsyncExample.java]
The I/O dispatch threads are consistently inside {{SSLIOSession.doHandshake()}}
and handshaking is {{true}} and HandshakeStatus is {{NOT_HANDSHAKING}}. The
threads seem to enter this code for every "bad" connection, and then repeat it
all over again making no progress and keeping the sockets open.
As far as I see - the Qualys tests are sadly not open source - Qualys is just
doing ~ 2000 HTTPS GET requests with different paths, apparently looking for
known insecure applications. It is unclear what's special about the failing
connections.
If I run the [^SyncExample.java] server instead, the scan completes
successfully.
If you can suggest any instrumentation that will gain some insights on this
problem, I will be happy to assist.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
