Hi, We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19) where we see that HTTP/1.1 connections are closed whenever a servlet application returns the following status codes: 400, 408, 411, 414, 500, 503, 501. This causes client applications to rapidly reconnect and induce high server-side CPU load due to doing TLS handshakes.
The 400 and 500 status codes are commonly used in RESTful microservices to communicate errors. Reviewing RFC 9112 I couldn't find any requirement for closing connections on these status codes. After testing with Undertow (version 2.3.12), where we didn't see the same behaviour, we believe that these status codes do not necessitate a new connection. Checking the Tomcat sources makes me believe that the behaviour is hard-coded[1]. I'm reaching out here to re-evaluate the list of status codes and to discuss the possibilities of making the behaviour configurable. A colleague of mine reported a bug for this issue: https://bz.apache.org/bugzilla/show_bug.cgi?id=68901 Kind regards, Stefan Ansing [1]: https://github.com/apache/tomcat/blame/bc900e0100de9879604b93af4722c272ab3d1a24/java/org/apache/coyote/http11/Http11Processor.java#L604-L617
