Posted to httpclient-users@hc.apache.org by Matthew Churcher <ma...@realvnc.com> on 2011/01/21 15:17:08 UTC

TLS close handshake

Hi All,

HttpClient appears to be closing https connections without completing the
TLS close handshake. This is reported by our server but also the JCCE
debugging on the client. I'm using 4.1-beta1; does this occur in other
people's experience and is it to be expected?

I understand that httpclient is using the standard java SSL implementation
but is there any workaround to ensure TLS/SSLv3 connections are closed
successfully?

Best regards and thanks in advance, Matt


Matthew Churcher
Software Test Engineer
RealVNC Ltd
Email: matthew.churcher@realvnc.com





---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


RE: TLS close handshake

Posted by Matthew Churcher <ma...@realvnc.com>.
Thanks Oleg, that looks promising. I'll look into it.

Cheers, Matt.

Matthew Churcher
Software Test Engineer
RealVNC Ltd
Email: matthew.churcher@realvnc.com



-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: 21 January 2011 15:58
To: HttpClient User Discussion
Subject: Re: TLS close handshake

On Fri, 2011-01-21 at 14:17 +0000, Matthew Churcher wrote:
> Hi All,
> 
> HttpClient appears to be closing https connections without completing the
> TLS close handshake. This is reported by our server but also the JCCE
> debugging on the client. I'm using 4.1-beta1; does this occur in other
> people's experience and is it to be expected?
> 
> I understand that httpclient is using the standard java SSL implementation
> but is there any workaround to ensure TLS/SSLv3 connections are closed
> successfully?
> 
> Best regards and thanks in advance, Matt
> 
> 
> Matthew Churcher
> Software Test Engineer
> RealVNC Ltd
> Email: matthew.churcher@realvnc.com
> 
> 

Matthew

HttpClient has no control over low level aspects of the TLS/SSL
protocol. It relies on the API provided by JSSE to open and close secure
connections. If a TLS connection does not correctly complete its part
of the close handshake this is more likely to be an issue with JSSE than
HttpClient itself.

There is one special case, though. If persistent TLS connections are
kept in the pool, they are unable to react to TLS protocol events (or
any I/O events for that matter). If the opposite endpoint decides to
terminate the connection and initiates the TLS close handshake, the
client endpoint may be unable to react while it sits idle in the pool.
In this case the server endpoint is likely to end up forcibly shutting
down the connection and complaining about TLS close handshake failure.
In this case one might want to pro-actively evict connections after a
certain period of inactivity. For details see this stackoverflow post:

http://stackoverflow.com/questions/4724193/how-can-i-ensure-that-my-httpclient-4-1-does-not-leak-sockets

Oleg




Re: TLS close handshake

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2011-01-21 at 14:17 +0000, Matthew Churcher wrote:
> Hi All,
> 
> HttpClient appears to be closing https connections without completing the
> TLS close handshake. This is reported by our server but also the JCCE
> debugging on the client. I'm using 4.1-beta1; does this occur in other
> people's experience and is it to be expected?
> 
> I understand that httpclient is using the standard java SSL implementation
> but is there any workaround to ensure TLS/SSLv3 connections are closed
> successfully?
> 
> Best regards and thanks in advance, Matt
> 
> 
> Matthew Churcher
> Software Test Engineer
> RealVNC Ltd
> Email: matthew.churcher@realvnc.com
> 
> 

Matthew

HttpClient has no control over low level aspects of the TLS/SSL
protocol. It relies on the API provided by JSSE to open and close secure
connections. If a TLS connection does not correctly complete its part
of the close handshake this is more likely to be an issue with JSSE than
HttpClient itself.

There is one special case, though. If persistent TLS connections are
kept in the pool, they are unable to react to TLS protocol events (or
any I/O events for that matter). If the opposite endpoint decides to
terminate the connection and initiates the TLS close handshake, the
client endpoint may be unable to react while it sits idle in the pool.
In this case the server endpoint is likely to end up forcibly shutting
down the connection and complaining about TLS close handshake failure.
In this case one might want to pro-actively evict connections after a
certain period of inactivity. For details see this stackoverflow post:

http://stackoverflow.com/questions/4724193/how-can-i-ensure-that-my-httpclient-4-1-does-not-leak-sockets

Oleg
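
The eviction approach described in the reply above, as an added example that is not part of the original thread or the project's own code: a background thread that closes pooled connections once they have been idle too long, so the client closes them itself instead of leaving the server to time out an unanswered TLS close. It assumes the HttpClient 4.1 API; the class name, the 30-second idle limit, the 5-second sweep interval and the `https://example.org/` URL are illustrative assumptions.

```java
import java.util.concurrent.TimeUnit;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.util.EntityUtils;

// Hypothetical helper: sweeps the pool so idle TLS connections are closed client-side.
public class IdleTlsConnectionEvictor extends Thread {
    private final ClientConnectionManager connMgr;
    private final long maxIdleSeconds;
    private volatile boolean stopped;

    public IdleTlsConnectionEvictor(ClientConnectionManager connMgr, long maxIdleSeconds) {
        super("idle-tls-evictor");
        this.connMgr = connMgr;
        this.maxIdleSeconds = maxIdleSeconds;
        setDaemon(true); // never keeps the JVM alive on its own
    }

    @Override
    public void run() {
        try {
            while (!stopped) {
                synchronized (this) { wait(5000); } // sweep interval (assumed value)
                // Close connections whose keep-alive deadline has already passed.
                connMgr.closeExpiredConnections();
                // Close connections that sat unused in the pool beyond the idle limit.
                connMgr.closeIdleConnections(maxIdleSeconds, TimeUnit.SECONDS);
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    public void shutdown() {
        stopped = true;
        synchronized (this) { notifyAll(); } // wake the sweeper so it exits promptly
    }

    public static void main(String[] args) throws Exception {
        ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager();
        HttpClient client = new DefaultHttpClient(cm, null); // null = default params
        IdleTlsConnectionEvictor evictor = new IdleTlsConnectionEvictor(cm, 30);
        evictor.start(); // in a real application this runs for the client's lifetime
        try { // consuming the entity returns the connection to the pool (placeholder URL)
            EntityUtils.consume(client.execute(new HttpGet("https://example.org/")).getEntity());
        } finally { evictor.shutdown(); cm.shutdown(); }
    }
}
```

Set the idle limit below the server's keep-alive timeout so the client closes first.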