[jira] [Commented] (CXF-9093) Client does not send entire payload (if size ~> 2500 bytes) when hc5, TLS1.3 are used

Wed, 08 Jan 2025 14:20:05 -0800 


    [ 
https://issues.apache.org/jira/browse/CXF-9093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17911247#comment-17911247
 ] 

John Yin commented on CXF-9093:
-------------------------------

Hi [~reta], I tried -Djsse.SSLEngine.acceptLargeFragments=true (by adding 
environment("jsse.SSLEngine.acceptLargeFragments", "true") to my gradle task) 
against both servers that I had problems with.  Unfortunately, it did not help. 
 The sessions still hang.  Again, if I force the client to use TLS1.2, 
everything would work.  I am using JDK 17 (the Amazon Corretto which is based 
on Hotspot).  

Thanks!

> Client does not send entire payload (if size ~> 2500 bytes) when hc5, TLS1.3 
> are used
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-9093
>                 URL: https://issues.apache.org/jira/browse/CXF-9093
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 4.1.0
>            Reporter: John Yin
>            Priority: Major
>
> With two different servers (one from ServiceNow and one from Zendesk), if my 
> CXF client uses HC5 (cxf-rt-transports-http-hc5-4.1.0.jar is in classpath), 
> the size of the JSON payload + HTTP headers ~> 2500 bytes, and TLS 1.3 is 
> used, then the client would not send the entire payload to server.  Both 
> sides would idle after the SSL handshake and client sends a small packet 
> until either the server closes the connection (resulting 
> connectionClosedException) or client times out, depending on the server 
> configuration.
> If any of the three conditions is changed, i.e., 1) not using hc5, 2) 
> reducing the payload size so that payload+headers < 2000 bytes, or 3) forcing 
> the use of TLS1.2, the problem would go away.  
> This does not happen with every TLS1.3 server.  For some TLS1.3 servers, I 
> have not encountered the issue.
> I am not sure if this is a CXF client problem, but since it happens against 
> two different servers, I thought I should report it to CXF.  My Wireshark log 
> does not reveal much info given that the data are encrypted and I do not have 
> the server's private key.
> Thanks!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to