Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- 4.5.14, 5.3.1
- None
Description
If a server with TLS 1.3 support closes the connection during the request, more specifically, sending close_notify while the client is still writing to the socket, the request will hang indefinitely. It's not an issue with TLS 1.2 because it uses a duplex-close policy. With TLS 1.3's half-closed connection policy, it seems the Apache HTTP client is not able to detect connection closure properly. We are able to reproduce the issue with both 4.x and 5.x. I should note that HTTP URL connection does not have this issue.
The workaround is to set `jdk.tls.acknowledgeCloseNotify` to true (see https://bugs.openjdk.org/browse/JDK-8208526), but that would require a lot of users to make changes on their side.
Steps to repro:
- Download the attached keystore file
- Update ksPath in the server code HalfCloseServer.java to where you download the keystore
- Run the server, the server will begin listening on localhost:8081
- Create a random file of size 128MB and update client code "testFile" to where the file is.
- Run the client, it should hang
- If System.setProperty("jdk.tls.acknowledgeCloseNotify", "true") is uncommented, it will not hang
- It also won’t hang if we force TLS 1.2
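
The two client-side settings named in the report, applied to an Apache HttpClient 4.5.x client. This is an added example, not code from the issue or its attachments; the class and method names are hypothetical, and using the JVM's default `SSLContext` is an assumption.

```java
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Hypothetical helper class; not part of the issue's attachments.
public class HalfCloseWorkarounds {

    // Setting 1: make JSSE answer a peer's close_notify with its own,
    // so a TLS 1.3 half-close from the server ends the connection.
    // Call this before the first TLS connection is created (the JDK
    // reads the property when its TLS classes initialise), or pass
    // -Djdk.tls.acknowledgeCloseNotify=true on the command line.
    static void enableAcknowledgeCloseNotify() {
        System.setProperty("jdk.tls.acknowledgeCloseNotify", "true");
    }

    // Setting 2: offer only TLS 1.2, which the report says does not
    // hang. Useful to confirm that a stuck upload is this bug; it
    // also gives up TLS 1.3 for every connection from this client.
    static CloseableHttpClient tls12OnlyClient() throws Exception {
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                SSLContext.getDefault(),      // assumption: default trust store
                new String[] {"TLSv1.2"},     // enabled protocol versions
                null,                         // null = keep default cipher suites
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // The property goes first, ahead of any SSLContext use.
        enableAcknowledgeCloseNotify();
        try (CloseableHttpClient client = tls12OnlyClient()) {
            System.out.println("acknowledgeCloseNotify="
                    + System.getProperty("jdk.tls.acknowledgeCloseNotify"));
            System.out.println("client ready: " + client.getClass().getName());
        }
    }
}
```

Either setting alone matches a case the report describes as not hanging; the example applies both only to show where each one goes.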