Posted to dev@hc.apache.org by "Jan Peter Stotz (Jira)" <ji...@apache.org> on 2021/07/01 13:59:00 UTC

[jira] [Created] (HTTPCLIENT-2165) HTTPS connections are never reused when server requires HTTPS client cert auth

Jan Peter Stotz created HTTPCLIENT-2165:
-------------------------------------------

             Summary: HTTPS connections are never reused when server requires HTTPS client cert auth
                 Key: HTTPCLIENT-2165
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (classic)
    Affects Versions: 4.5.13
         Environment: Windows, OpenJDK 11
            Reporter: Jan Peter Stotz


While performing tests with a non-public web server serving a REST service, I noticed that Apache commons httpclient does not reuse connections in case the server requires HTTPS authentication via client certificate.

This is my code for initializing the ConnectionManager. The used sslContext is created using the appropriate trust- and keyStore and X509ExtendedKeyManager implementation.

    // TLS socket factory built from the SSLContext that carries the client certificate
    SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext, hostNameVerifier);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create().register("https", factory).build();
    connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    // Pool limits: 1000 connections in total, 200 per route
    connManager.setMaxTotal(1000);
    connManager.setDefaultMaxPerRoute(200);
    // Re-validate pooled connections that have been idle for more than 20000 ms
    connManager.setValidateAfterInactivity(20000);
    SocketConfig socketConfig = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();
    connManager.setDefaultSocketConfig(socketConfig);

The used server is an Undertow instance configured to require SSL client authentication: setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUIRED)

If I disable the client auth mode requirement httpclient just opens up one TCP connection to the server. If I enable https client authentication httpclient opens up to the configured route maximum (200) TCP connections to the server. I observed the same behavior using a different web server implementation.

Enabling logging for PoolingHttpClientConnectionManager I can see that httpclient is using the full maximum of 200 connections per route if HTTPS client auth is required by the server (log after making ~1000 HTTP requests):

No HTTPS client auth required by server:

    DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:9003][total available: 1; route allocated: 1 of 200; total allocated: 1 of 1000]

HTTPS Client auth required by server:

    DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:9003][total available: 200; route allocated: 200 of 200; total allocated: 200 of 1000]



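Added example (an editor's illustration, not part of the original report and not HttpClient project code): a Python check over pool debug lines in the format quoted in the report. It counts requests where an idle connection was already in the pool yet the route's allocation still grew, and flags a route whose allocation reached its per-route maximum. The sample lines, the name analyze and the assumption of a single route used by a sequential client are constructed for illustration.

```python
import re

LINE_RE = re.compile(
    r"Connection request: \[route: (?P<route>[^\]]+)\]"
    r"\[total available: (?P<avail>\d+); "
    r"route allocated: (?P<alloc>\d+) of (?P<route_max>\d+); "
    r"total allocated: (?P<total>\d+) of (?P<total_max>\d+)\]"
)

# Constructed sample lines (not captured output), same layout as the report.
FMT = ("DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: "
       "[route: {{s}}->https://localhost:9003][total available: {a}; "
       "route allocated: {r} of 200; total allocated: {r} of 1000]")
# (available, allocated) as logged at each successive request.
REUSED = "\n".join(FMT.format(a=a, r=r) for a, r in [(0, 0), (1, 1), (1, 1), (1, 1)])
NOT_REUSED = "\n".join(FMT.format(a=a, r=r) for a, r in [(0, 0), (1, 1), (2, 2), (3, 3)])


def analyze(log_text):
    """Summarise pool behaviour per route from 'Connection request' lines.

    idle_skipped counts requests logged after a request that saw idle
    connections (available > 0) where the route allocation grew anyway.
    Assumption: one route and a sequential client; 'total available' is
    pool-wide, and concurrent requests can raise the count on their own.
    """
    stats, prev = {}, {}
    for m in map(LINE_RE.search, log_text.splitlines()):
        if m is None:
            continue  # not a pool statistics line
        route = m["route"]
        avail, alloc, rmax = int(m["avail"]), int(m["alloc"]), int(m["route_max"])
        s = stats.setdefault(route, {"requests": 0, "peak_allocated": 0,
                                     "route_max": rmax, "idle_skipped": 0})
        s["requests"] += 1
        s["peak_allocated"] = max(s["peak_allocated"], alloc)
        p = prev.get(route)
        if p is not None and p[0] > 0 and alloc > p[1]:
            s["idle_skipped"] += 1  # idle connection existed, new one opened
        prev[route] = (avail, alloc)
    for s in stats.values():
        s["saturated"] = s["peak_allocated"] >= s["route_max"]
    return stats


if __name__ == "__main__":
    for name, log in (("reused", REUSED), ("not reused", NOT_REUSED)):
        print(name, analyze(log))
```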