New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS Connection Timeout Intermittently #4444
Comments
The logs report this:
This means that you have a problem in the configuration of your server. |
@Amarendraar23 sorry I wrongly assumed you wanted to have the server support HTTP/2. Can you enable DEBUG logging for |
there is a jetty.log file as well. Anyways attaching it here. |
@sbordet any update on this issue? I did some analysis. it looks like data is not getting flushed 19:14:02.755:DBUG:oejis.SslConnection:qtp_httpsamar_HttpServerAdapter_node1-4246: flush NEED_WRAP |
@Amarendraar23 the logs only contain DEBUG information for What I can see from the logs is that the TLS handshake terminates successfully, but then the server does not receive any more bytes and idle times out, which is expected behavior. |
I have shared new logs with I have 3 curl requests in the logs shared. First 2 curl requests have completed successfully with the page getting retrieved. But the third request didn't load and timed out. Let me know if you need any more logs or info. |
The logs show that we are towards the end of the TLS handshake, in We then return I've never seen this, so probably it's a different handling of TLS in the IBM JVM that Jetty does not handle well. |
Fixed handling of encrypted bytes to write in needsFillInterest() when the TLS handshake status is NOT_HANDSHAKING. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
@Amarendraar23 are you able to try the fixed code in PR #4446 and report back if it works for you? To build the fixed code:
Then use 9.4.25-SNAPSHOT as a dependency (we have not updated the POMs to 9.4.26-SNAPSHOT yet). Thanks! |
@sbordet I built the projects and did some testing around it. All requests are completing successfully. Ran the curl command in a loop and sleep of 10 secs for 5 mins. |
@Amarendraar23 if you could confirm with your QA that the fix solves the issue for you, will be great. The fix introduced a few test failures in our test suite, so we need to investigate why and try to find a fix that works for both Oracle and IBM JVMs - we will ask you to do more testing when we have figured out the issue. Thanks! |
@sbordet We performed several tests and didn't see any failure. So i can confirm that the fix works fine in the scenarios we could test. What could be the possible ETA for this fix, as its a high priority for us to upgrade? |
Fixed write in doShutdownOutput() by updating the state before the write, so that needsFillInterest() can check whether to also do a write or not. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Seeing the below TimeoutException which is being ignored.
Is this expected? |
@Amarendraar23 the logs are incomplete (we need to see the log lines before and after to tell what's going on), but in general idle timeouts are normal, as they close idle connections to save server resources. Idle timeouts may happen during the processing of requests, and if so they are ignored, as per the Servlet Specification. |
I believe I may also be seeing this issue to this in Jetty 9.4.18 with Java 1.8.0_221-b11 on RHEL. When a message exceeds the maximum fragment length of 16384 bytes the second part of the fragment is not fully sent until the connection times out. It seems as though Jetty only fills up the last available fragment, and never continues on to the next message. Edited log snippet:
This appears to happen as there are still 27 bytes available of the 16384 in the current message so they are filled, but the next part of the message never gets sent. Packet trace:
Certificate Request, Server Hello Done:
If this does not seem to be the same problem I can open a new ticket with more details. |
Hi @sbordet Any update on the fix? Seems like its failing in tests again |
Fixes #4444 - Connection timeout intermittently when using jetty 9.4…
Fixed write in doShutdownOutput() by updating the state before the write, so that needsFillInterest() can check whether to also do a write or not. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Jetty
IBM JDK 1.8.5.40
Red Hat Enterprise Linux Server release 7.7
I upgraded from 9.4.11 to 9.4.25 in product. I am noticing connection getting stuck & timing out without loading the webpage. I deployed a helloworld war on the jetty server. The curl command seems stuck during/after TLS handshake. Once the timeout is hit the connection is closed down.
Attaching the Jetty & SSL logs
Connection-TimeOutSSl.zip
I have tried to use 9.4.12,9.4.20 and 9.4.24 versions, but without success.
This seems to happen intermittently but with larger number of request failing.
The text was updated successfully, but these errors were encountered: