[jira] [Commented] (HTTPCORE-775) The SSLIOSession::write does not handle SSLEngineResult#BUFFER_OVERFLOW

Tue, 14 Jan 2025 11:10:17 -0800 


    [ 
https://issues.apache.org/jira/browse/HTTPCORE-775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913030#comment-17913030
 ] 

ASF subversion and git services commented on HTTPCORE-775:
----------------------------------------------------------

Commit 0ab5faf7565917e94f0830ccfad927891f8c251d in httpcomponents-core's branch 
refs/heads/master from Andriy Redko
[ https://gitbox.apache.org/repos/asf?p=httpcomponents-core.git;h=0ab5faf75 ]

HTTPCORE-775: The SSLIOSession::write does not handle 
SSLEngineResult#BUFFER_OVERFLOW

Signed-off-by: Andriy Redko <drr...@gmail.com>


> The SSLIOSession::write does not handle SSLEngineResult#BUFFER_OVERFLOW
> -----------------------------------------------------------------------
>
>                 Key: HTTPCORE-775
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-775
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore
>    Affects Versions: 5.3.1
>            Reporter: Andriy Redko
>            Priority: Major
>             Fix For: 5.3.3, 5.4-alpha1
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> In Apache CXF, we have received an issue from the user 
> (https://issues.apache.org/jira/browse/CXF-9093) that HTTP client (backed by 
> Apache HttpClient 5.4.1 / Apache HttpCore 5.3.1) basically hangs with 
> payloads > 2.5kb and TLSv1.3.
> It turned out that the problem is SSLIOSession::write method (more 
> specifically, 
> https://github.com/apache/httpcomponents-core/blob/master/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java#L672)
>  that does not handle SSLEngineResult#BUFFER_OVERFLOW, causing the processing 
> loop to stuck. In this case, the buffer is limited by getPacketSize() 
> (~16Kb). There is a mitigation (pass 
> -Djsse.SSLEngine.acceptLargeFragments=true) but it is also limited to a bit 
> larger requests.
> We have crafted a CXF specific test cases which reproduce the issue very 
> reliably (https://github.com/apache/cxf/pull/2214). I am happy to work on the 
> fix (if the issue makes sense) or provide minimal reproducer (if the team is 
> interested to pick it up). 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to