
List:       httpclient-commons-dev
Subject:    [jira] [Created] (HTTPCLIENT-2165) HTTPS connections are never reused when server requires HTTPS cli
From:       "Jan Peter Stotz (Jira)" <jira () apache ! org>
Date:       2021-07-01 13:59:00
Message-ID: JIRA.13387070.1625147918000.679355.1625147940026 () Atlassian ! JIRA

Jan Peter Stotz created HTTPCLIENT-2165:
-------------------------------------------

             Summary: HTTPS connections are never reused when server requires HTTPS client cert auth
                 Key: HTTPCLIENT-2165
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (classic)
    Affects Versions: 4.5.13
         Environment: Windows, OpenJDK 11
            Reporter: Jan Peter Stotz


While performing a test with a non-public web server serving a REST service, I noticed
that Apache commons httpclient does not reuse connections in case the server
requires HTTPS authentication via client certificate.

This is my code for initializing the ConnectionManager. The used sslContext is
created using the appropriate trust- and keyStore and X509ExtendedKeyManager
implementation.

{{SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext, hostNameVerifier);}}
{{Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create().register("https", factory).build();}}
{{connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);}}
{{connManager.setMaxTotal(1000);}}
{{connManager.setDefaultMaxPerRoute(200);}}
{{connManager.setValidateAfterInactivity(20000);}}
{{SocketConfig socketConfig = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();}}
{{connManager.setDefaultSocketConfig(socketConfig);}}

  

The used server is an Undertow instance configured to require SSL client
authentication: {{setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUIRED)}}

If I disable the client auth mode requirement, httpclient just opens up one TCP
connection to the server. If I enable https client authentication, httpclient opens up
to the configured route maximum (200) TCP connections to the server. I observed the
same behavior using a different web server implementation.

Enabling logging for PoolingHttpClientConnectionManager, I can see that httpclient
is using the full maximum of 200 connections per route if HTTPS client auth is
required by the server (log after making ~1000 HTTP requests):

No HTTPS client auth required by server:

{{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:9003][total available: 1; route allocated: 1 of 200; total allocated: 1 of 1000]}}

HTTPS Client auth required by server:

{{DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:9003][total available: 200; route allocated: 200 of 200; total allocated: 200 of 1000]}}

  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
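
Added example, not part of the original report and not the project's own code: HttpClient 4.x marks a connection negotiated with a TLS client certificate as stateful (its state is the certificate's principal) and leases it from the pool only to requests whose HttpClientContext carries that same user token, so requests executed with a fresh context each open a new connection. The class and method names are hypothetical, and key material is assumed to come from the javax.net.ssl.* system properties.

```java
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class ClientCertConnectionReuse { // hypothetical class name

    /** Option A: one HttpClientContext per client identity, reused for every request. */
    static void sendWithSharedContext(CloseableHttpClient client, String url, int count) throws Exception {
        // The first exchange stores the certificate principal in this context as the user token;
        // later requests present that token and are leased the matching pooled connection.
        // A context is not thread-safe: keep one per worker thread.
        HttpClientContext context = HttpClientContext.create();
        for (int i = 0; i < count; i++) {
            try (CloseableHttpResponse response = client.execute(new HttpGet(url), context)) {
                EntityUtils.consume(response.getEntity()); // drain the body so the connection is released
            }
        }
    }

    /** Option B: switch off connection state tracking for the whole client. */
    static CloseableHttpClient buildStatelessClient(PoolingHttpClientConnectionManager connManager) {
        // Only appropriate when every request uses the same client certificate: with state
        // tracking off, any request may be leased a connection authenticated as that identity.
        return HttpClients.custom().setConnectionManager(connManager).disableConnectionState().build();
    }

    public static void main(String[] args) throws Exception {
        // Host and port are taken from the log lines in the report; the path is an assumption.
        String url = args.length > 0 ? args[0] : "https://localhost:9003/";
        // Assumption: key and trust stores are supplied via the javax.net.ssl.* system properties.
        SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(SSLContexts.createSystemDefault());
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create().register("https", factory).build();
        PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(registry);
        connManager.setDefaultMaxPerRoute(200);
        try (CloseableHttpClient client = HttpClients.custom().setConnectionManager(connManager).build()) {
            sendWithSharedContext(client, url, 1000);
            System.out.println(connManager.getTotalStats()); // pool usage after the run
        }
    }
}
```

Option A keeps the per-identity isolation of pooled connections and is the safer choice when a single client serves several certificates or users.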
