[
https://issues.apache.org/jira/browse/HTTPCLIENT-2328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848888#comment-17848888
]
Oleg Kalnichevski commented on HTTPCLIENT-2328:
-----------------------------------------------
[~Zoe Wang] The Java classic i/o model has a well-known limitation: there is no
_efficient_ way of reading from and writing to the same socket at the same
time. While the process is busy writing out data it is unable to react to _any_
incoming events on the same socket. What one can do is solve the problem is to
perform an extra short read after each chunk of data written to the socket but
this has a substantial performance penalty.
We provide a ResponseOutOfOrderStrategy so one can configure HttpClient to
monitor connection for out-of-sequence events, but it is disabled (no op) by
default. It needs to be explicitly enabled.
{code:java}
final PoolingHttpClientConnectionManager cm =
PoolingHttpClientConnectionManagerBuilder.create()
.setConnectionFactory(ManagedHttpClientConnectionFactory.builder()
.responseOutOfOrderStrategy(MonitoringResponseOutOfOrderStrategy.INSTANCE)
.build())
.build();
try (CloseableHttpClient httpclient = HttpClients.custom()
.setConnectionManager(cm)
.build()) {
for (final URIScheme uriScheme : URIScheme.values()) {
final ClassicHttpRequest request = ClassicRequestBuilder.get()
.setHttpHost(new HttpHost(uriScheme.id, "httpbin.org"))
.setPath("/headers")
.build();
System.out.println("Executing request " + request);
httpclient.execute(request, response -> {
System.out.println("----------------------------------------");
System.out.println(request + "->" + new StatusLine(response));
EntityUtils.consume(response.getEntity());
return null;
});
}
}
{code}
Oleg
> Request hangs if TLS 1.3 connection is half-closed
> ---------------------------------------------------
>
> Key: HTTPCLIENT-2328
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2328
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.14, 5.3.1
> Reporter: Zoe Wang
> Priority: Major
> Attachments: HalfCloseApache5Client.Java, HalfCloseServer.java,
> TlsHalfCloseApache4.java, keystore.jks
>
>
> If a server with TLS 1.3 support closes the connection during the request,
> more specifically, sending close_notify while the client is still writing to
> socket, the request will hang indefinitely. It's not an issue with TLS 1.2
> because it uses duplex-close policy. With TLS 1.3's half-closed connection
> policy, it seems Apache HTTP client is not able to detect connection closure
> properly. We are able to reproduce the issue with both 4.x and 5.x. I should
> note that HTTP URL connection does not have this issue.
> The workaround it to set `jdk.tls.acknowledgeCloseNotify` to true (see
> [https://bugs.openjdk.org/browse/JDK-8208526]), but that would require a lot
> of users to make changes on their side.
>
> Steps to repro:
> * Download the attached keystore file
> * Update ksPath in the server code HalfCloseServer.java to where you
> download the keystore
> * Run the server, the server will begin listening on {{localhost:8081}}
> * Create a random file of size 128MB and update client code "testFile" to
> where the file is.
> * Run the client, it should hang
> ** If System.setProperty("jdk.tls.acknowledgeCloseNotify", "true") is
> uncommented, it will not hang
> ** It also won’t hang if we we force TLS1.2
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
