[jira] [Commented] (AMQ-8031) ActiveMQ classic - OpenWire transport connector (nio+ssl) does not actively close silent connections

[Martin Lichtin (Jira)]

    [ 
https://issues.apache.org/jira/browse/AMQ-8031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17189694#comment-17189694
 ] 

Martin Lichtin commented on AMQ-8031:
-------------------------------------

Actually, I see this setting works, for exactly this case, and only for the SSL 
handshake! NIOSSLTransport is used both on client and server-side.
{code:java}
            if (this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                long now = System.currentTimeMillis();
                if (selector == null) {
                    selector = Selector.open();
                    key = channel.register(selector, SelectionKey.OP_READ);
                } else {
                    key.interestOps(SelectionKey.OP_READ);
                }
                int keyCount = selector.select(this.getSoTimeout());
                if (keyCount == 0 && this.getSoTimeout() > 0 && 
((System.currentTimeMillis() - now) >= this.getSoTimeout())) {
                    throw new SocketTimeoutException("Timeout during 
handshake");
                }
                readable = key.isReadable();
            }

{code}
It's triggering the following output in the broker logs:
{code:java}
2020-09-02T22:08:21,593 | WARN  | Service[broker] Task-157 | TransportConnector 
              | vemq.broker.TransportConnector$1  247 | 72 - 
org.apache.activemq.activemq-osgi - 5.15.13 | Could not accept connection from 
null: java.net.SocketTimeoutException: Timeout during handshake (Timeout during 
handshake)
{code}
So I'll add this to the configuration, many thanks for the hint.

The documentation for "soTimeout" seems to be slightly misleading. 
The way I'm reading the code, it's only a "read" timeout for exactly above SSL 
handshake situation.

> ActiveMQ classic - OpenWire transport connector (nio+ssl) does not actively 
> close silent connections
> ----------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-8031
>                 URL: https://issues.apache.org/jira/browse/AMQ-8031
>             Project: ActiveMQ
>          Issue Type: Bug
>            Reporter: Martin Lichtin
>            Priority: Major
>
> ActiveMQ classic - OpenWire transport connector (nio+ssl) does not actively 
> close silent connections.
> This can be reproduced with an SSL enabled Activemq broker, e.g.
> {{<transportConnector name="openwire-ssl" 
> uri="nio+ssl://AMQ-IP:AMQ-PORT?maximumConnections=100" />}}
> Simply opening dummy connections towards this server by using
> {{for i in $(seq 200); do echo $i; ncat --recv-only AMQ-IP AMQ-PORT & done}}
> will cause the server to eventually run out of connections.
> I'd expect "silent" connections to be dropped pretty quickly.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)