
List:       httpclient-commons-dev
Subject:    [jira] [Resolved] (HTTPCLIENT-2165) TCP connections are never reused when server requires TLS cert a
From:       "Oleg Kalnichevski (Jira)" <jira () apache ! org>
Date:       2021-07-01 15:09:00
Message-ID: JIRA.13387070.1625147918000.679664.1625152140617 () Atlassian ! JIRA


     [ https://issues.apache.org/jira/browse/HTTPCLIENT-2165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-2165.
-------------------------------------------
    Resolution: Invalid

> TCP connections are never reused when server requires TLS cert auth
> -------------------------------------------------------------------
> 
> Key: HTTPCLIENT-2165
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2165
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.13
> Environment: Windows, OpenJDK 11
> Reporter: Jan Peter Stotz
> Priority: Major
> Attachments: hc5_testcode.txt
> 
> 
> While performing tests with a non-public web server serving a REST service I
> noticed that Apache commons httpclient does not reuse connections in case the
> server requires HTTPS authentication via client certificate.
>
> This is my code for initializing the ConnectionManager. The used sslContext is
> created using the appropriate trust- and keyStore and X509ExtendedKeyManager
> implementation.
>
>     SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext, hostNameVerifier);
>     Registry<ConnectionSocketFactory> socketFactoryRegistry =
>             RegistryBuilder.<ConnectionSocketFactory> create().register("https", factory).build();
>     connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
>     connManager.setMaxTotal(1000);
>     connManager.setDefaultMaxPerRoute(200);
>     connManager.setValidateAfterInactivity(20000);
>     SocketConfig socketConfig = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();
>     connManager.setDefaultSocketConfig(socketConfig);
>
> The used server is an Undertow instance configured to require SSL client
> authentication:
>
>     setSocketOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUIRED)
>
> If I disable the client auth mode requirement httpclient just opens up one TCP
> connection to the server. If I enable https client authentication httpclient opens
> up to the configured route maximum (200) TCP connections to the server. I observed
> the same behavior using a different web server implementation.
>
> Enabling logging for PoolingHttpClientConnectionManager I can see that httpclient
> is using the full maximum of 200 connections per route if HTTPS client auth is
> required by the server (log after making ~1000 HTTP requests):
>
> No HTTPS client auth required by server:
>
>     DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:9003][total available: 1; route allocated: 1 of 200; total allocated: 1 of 1000]
>
> HTTPS Client auth required by server:
>
>     DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:9003][total available: 200; route allocated: 200 of 200; total allocated: 200 of 1000]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
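
HttpClient 4.x treats a connection set up with TLS client authentication as stateful: it tags the pooled connection with the client certificate principal as its user token and leases it again only to a request whose context carries the same token, which is consistent with the pool growth in the report above. The following is an added example, not code from the report or from the HttpClient project, showing sequential requests with and without a shared user token. The class name, `pooledConnections` and `shareUserToken` are hypothetical, and the caller supplies an `SSLContext` holding the client key material and the URL of a server that requires client certificates.

```java
import java.io.IOException;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.pool.PoolStats;
import org.apache.http.util.EntityUtils;

public final class ClientCertConnectionReuse {
    // Hypothetical helper: sends `requests` sequential GETs to `url` and returns
    // how many connections the pool holds afterwards.
    static int pooledConnections(SSLContext sslContext, String url, int requests,
                                 boolean shareUserToken) throws IOException {
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", new SSLConnectionSocketFactory(sslContext)).build();
        PoolingHttpClientConnectionManager connManager =
                new PoolingHttpClientConnectionManager(registry);
        connManager.setMaxTotal(1000);
        connManager.setDefaultMaxPerRoute(200);
        // Alternative: HttpClients.custom().disableConnectionState() turns state tracking
        // off; only safe when every request is meant to use the same client identity.
        try (CloseableHttpClient client =
                     HttpClients.custom().setConnectionManager(connManager).build()) {
            Object userToken = null;
            for (int i = 0; i < requests; i++) {
                HttpClientContext context = HttpClientContext.create();
                if (shareUserToken && userToken != null) {
                    context.setUserToken(userToken); // same state, so the connection can be leased again
                }
                try (CloseableHttpResponse response = client.execute(new HttpGet(url), context)) {
                    EntityUtils.consume(response.getEntity());
                }
                if (userToken == null) {
                    userToken = context.getUserToken(); // client certificate principal, set by HttpClient
                }
            }
            PoolStats stats = connManager.getTotalStats(); // read before the client closes the pool
            return stats.getLeased() + stats.getAvailable();
        }
    }
}
```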
