Andriy Redko created HTTPCORE-775:
-------------------------------------

             Summary: The SSLIOSession::write does not handle SSLEngineResult#BUFFER_OVERFLOW
                 Key: HTTPCORE-775
                 URL: https://issues.apache.org/jira/browse/HTTPCORE-775
             Project: HttpComponents HttpCore
          Issue Type: Bug
          Components: HttpCore
    Affects Versions: 5.3.1
            Reporter: Andriy Redko


In Apache CXF, we have received an issue from a user 
(https://issues.apache.org/jira/browse/CXF-9093) reporting that the HTTP client 
(backed by Apache HttpClient 5.4.1 / Apache HttpCore 5.3.1) basically hangs 
with payloads > 2.5kb and TLSv1.3.

It turned out that the problem is the SSLIOSession::write method (more 
specifically, 
https://github.com/apache/httpcomponents-core/blob/master/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java#L672)
 that does not handle SSLEngineResult#BUFFER_OVERFLOW, causing the processing 
loop to get stuck. In this case, the buffer is limited by getPacketSize() 
(~16Kb). There is a mitigation (pass -Djsse.SSLEngine.acceptLargeFragments=true) 
but it is also limited to slightly larger requests.

We have crafted CXF-specific test cases which reproduce the issue very 
reliably (https://github.com/apache/cxf/pull/2214). I am happy to work on the 
fix (if the issue makes sense) or provide a minimal reproducer (if the team is 
interested in picking it up). 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
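
Added example, not part of the issue report and not HttpCore's code: a JSSE wrap step that treats SSLEngineResult#BUFFER_OVERFLOW as recoverable (drain or grow the outbound buffer, then retry) and fails fast when neither helps, instead of looping. The class and helper names are hypothetical, an in-memory sink stands in for the socket channel, and an unhandshaken client engine with a deliberately undersized 64-byte buffer is used to provoke the status.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;

public class WrapOverflowDemo {
    // Hypothetical helper: copy produced TLS records to the sink and reset the buffer.
    static void drain(ByteBuffer out, ByteArrayOutputStream sink) {
        out.flip();
        sink.write(out.array(), out.arrayOffset() + out.position(), out.remaining());
        out.clear();
    }

    // Hypothetical helper: one wrap step that treats BUFFER_OVERFLOW as recoverable.
    static ByteBuffer wrapStep(SSLEngine engine, ByteBuffer src, ByteBuffer out,
                               ByteArrayOutputStream sink) throws Exception {
        while (true) {
            SSLEngineResult result = engine.wrap(src, out);
            switch (result.getStatus()) {
                case OK:
                    drain(out, sink);
                    return out;
                case BUFFER_OVERFLOW:
                    int needed = engine.getSession().getPacketBufferSize();
                    if (out.position() > 0) {
                        drain(out, sink);                  // flush pending records, then retry
                    } else if (out.capacity() < needed) {
                        out = ByteBuffer.allocate(needed); // empty but undersized: grow, then retry
                    } else {
                        // Nothing left to free or grow: fail instead of spinning forever.
                        throw new IllegalStateException("wrap cannot make progress");
                    }
                    break;
                default:
                    throw new IllegalStateException("unexpected wrap status " + result.getStatus());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(64); // constructed: deliberately too small
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        out = wrapStep(engine, ByteBuffer.allocate(0), out, sink);
        System.out.println("capacity=" + out.capacity() + ", bytes produced=" + sink.size());
    }
}
```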
