[jira] [Resolved] (HTTPCORE-685) I/O dispatch threads spin after lots of TLSv1.3 connections

Sun, 19 Sep 2021 03:06:03 -0700 


     [ 
https://issues.apache.org/jira/browse/HTTPCORE-685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski resolved HTTPCORE-685.
----------------------------------------
    Resolution: Cannot Reproduce

[~chrisridd] Please re-open the ticket if you find a way of reproducing the 
defect without Qualys software.

Oleg

> I/O dispatch threads spin after lots of TLSv1.3 connections
> -----------------------------------------------------------
>
>                 Key: HTTPCORE-685
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-685
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>    Affects Versions: 4.4.13, 4.4.14
>         Environment: java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64 
> (11.0.2.12+7-LTS on Centos 8).
>            Reporter: Chris Ridd
>            Priority: Major
>         Attachments: AsyncExample.java, SyncExample.java, my.keystore
>
>
> When I run a Qualys VMDR scan against your example {{NHttpFileServer}} 
> server, which is adjusted to only allow TLSv1.3, I see the two I/O-dispatch 
> threads spinning, and a number of sockets (~40) never closing.
> The adjusted example code is attached:  [^AsyncExample.java] 
> The I/O dispatch threads are consistently inside 
> {{SSLIOSession.doHandshake()}} and handshaking is {{true}} and 
> HandshakeStatus is {{NOT_HANDSHAKING}}. The threads seem to enter this code 
> for every "bad" connection, and then repeat it all over again making no 
> progress and keeping the sockets open.
> As far as I see - the Qualys tests are sadly not open source - Qualys is just 
> doing ~ 2000 HTTPS GET requests with different paths, apparently looking for 
> known insecure applications. It is unclear what's special about the failing 
> connections.
> If I run the [^SyncExample.java] server instead, the scan completes 
> successfully.
> If you can suggest any instrumentation that will gain some insights on this 
> problem, I will be happy to assist.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to