You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (Jira)" <ji...@apache.org> on 2021/07/01 15:09:00 UTC
[jira] [Resolved] (HTTPCLIENT-2165) TCP connections are never
reused when server requires TLS cert auth
[ https://issues.apache.org/jira/browse/HTTPCLIENT-2165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-2165.
-------------------------------------------
Resolution: Invalid
> TCP connections are never reused when server requires TLS cert auth
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-2165
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13
> Environment: Windows, OpenJDK 11
> Reporter: Jan Peter Stotz
> Priority: Major
> Attachments: hc5_testcode.txt
>
>
> While performing test with an non-public web server serving a REST service I noticed that Apapche commons httpclient does not reuse connections in case the server requires HTTPS authentication via client certificate.
> This is my code for initializing the ConnectionManager. The used sslContext is created using the appropriate trust- and keyStore and X509ExtendedKeyManager implementation.
> {{SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext, hostNameVerifier);}}
> {{Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create().register("https", factory).build();}}
> {{connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);}}
> {{connManager.setMaxTotal(1000);}}
> {{connManager.setDefaultMaxPerRoute(200);}}
> {{connManager.setValidateAfterInactivity(20000);}}{{SocketConfig socketConfig = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();}}
> {{connManager.setDefaultSocketConfig(socketConfig);}}
>
> {{The used server is an Undertow instance configured to require SSL client authentication: setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUIRED)}}
>
> {{If I disable the client auth mode requirement httpclient just opens up one TCP connection to the server. If I enable https client authentication httpclient opens up to the configured route maximum (200) TCP connections to the server. I observed the same behavior using a different web server implementation.}}
> {{Enabling logging for PoolingHttpClientConnectionManager I can see that httpclient is using the full maximum of 200 connections per route if HTTPS client auth is required by the server (log after making ~1000 HTTP requests):}}
>
> {{No HTTPS client auth required by server:}}
> {{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: \{s}->https://localhost:9003][total available: 1; route allocated: 1 of 200; total allocated: 1 of 1000]}}
>
> {{HTTPS Client auth required by server:}}
> {{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: \{s}->https://localhost:9003][total available: 200; route allocated: 200 of 200; total allocated: 200 of 1000]}}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org