SSL Handshake : timing and timeout
Hello, Is there a way in HttpClient/HttpCore to compute the time taken by SSL Handshake ? And timeout handshake ? Thank you Regards Philippe M.
Re: SSL Handshake : timing and timeout
Sendt fra min iPhone > Den 11. nov. 2016 kl. 00.25 skrev Philippe Mouawad : > > Hello, > Is there a way in HttpClient/HttpCore to compute the time taken by SSL > Handshake ? > And timeout handshake ? Use socketoptions > > Thank you > Regards > Philippe M. - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: SSL Handshake : timing and timeout
Thank you Stefan Could you point me to some doc ? Thanks On Fri, Nov 11, 2016 at 9:20 AM, Stefan Magnus Landrø < stefan.lan...@gmail.com> wrote: > > > Sendt fra min iPhone > > > Den 11. nov. 2016 kl. 00.25 skrev Philippe Mouawad >: > > > > Hello, > > Is there a way in HttpClient/HttpCore to compute the time taken by SSL > > Handshake ? > > And timeout handshake ? > > Use > socketoptions > > > > Thank you > > Regards > > Philippe M. > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > -- Cordialement. Philippe Mouawad.
Re: SSL Handshake : timing and timeout
https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html#setDefaultSocketConfig(org.apache.http.config.SocketConfig) 2016-11-11 9:34 GMT+01:00 Philippe Mouawad : > Thank you Stefan > Could you point me to some doc ? > > Thanks > > On Fri, Nov 11, 2016 at 9:20 AM, Stefan Magnus Landrø < > stefan.lan...@gmail.com> wrote: > > > > > > > Sendt fra min iPhone > > > > > Den 11. nov. 2016 kl. 00.25 skrev Philippe Mouawad < > pmoua...@apache.org > > >: > > > > > > Hello, > > > Is there a way in HttpClient/HttpCore to compute the time taken by SSL > > > Handshake ? > > > And timeout handshake ? > > > > Use > > socketoptions > > > > > > Thank you > > > Regards > > > Philippe M. > > > > - > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > > > > -- > Cordialement. > Philippe Mouawad. > -- BEKK Open http://open.bekk.no TesTcl - a unit test framework for iRules http://testcl.com
Re: SSL Handshake : timing and timeout
Thanks but I see not property related to Ssl Handshake timeout. Regards On Friday, November 11, 2016, Stefan Magnus Landrø wrote: > https://hc.apache.org/httpcomponents-client-ga/ > httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html# > setDefaultSocketConfig(org.apache.http.config.SocketConfig) > > 2016-11-11 9:34 GMT+01:00 Philippe Mouawad >: > > > Thank you Stefan > > Could you point me to some doc ? > > > > Thanks > > > > On Fri, Nov 11, 2016 at 9:20 AM, Stefan Magnus Landrø < > > stefan.lan...@gmail.com > wrote: > > > > > > > > > > > Sendt fra min iPhone > > > > > > > Den 11. nov. 2016 kl. 00.25 skrev Philippe Mouawad < > > pmoua...@apache.org > > > >: > > > > > > > > Hello, > > > > Is there a way in HttpClient/HttpCore to compute the time taken by > SSL > > > > Handshake ? > > > > And timeout handshake ? > > > > > > Use > > > socketoptions > > > > > > > > Thank you > > > > Regards > > > > Philippe M. > > > > > > - > > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > > > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > > > > > > > > > > > -- > > Cordialement. > > Philippe Mouawad. > > > > > > -- > BEKK Open > http://open.bekk.no > > TesTcl - a unit test framework for iRules > http://testcl.com > -- Cordialement. Philippe Mouawad.
Re: SSL Handshake : timing and timeout
True. The way SSL sockets are created is complex stuff. They are layered and I believe the handshake is async - maybe Oleg could clarify? Anyways - We ran into an issue a few years ago with an SSL handshake taking for ever (a switch was dropping packets of a certain size ... ), and tracked our hanging threads down to blocking because the SoTimeout was set to 0 by default. Changing this prevented threads from hanging for ever. Ref javadoc: Determines the default socket timeout value for non-blocking I/O operations. 2016-11-11 10:01 GMT+01:00 Philippe Mouawad : > Thanks but I see not property related to Ssl Handshake timeout. > > Regards > > On Friday, November 11, 2016, Stefan Magnus Landrø < > stefan.lan...@gmail.com> > wrote: > > > https://hc.apache.org/httpcomponents-client-ga/ > > httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html# > > setDefaultSocketConfig(org.apache.http.config.SocketConfig) > > > > 2016-11-11 9:34 GMT+01:00 Philippe Mouawad > >: > > > > > Thank you Stefan > > > Could you point me to some doc ? > > > >
Re: SSL Handshake : timing and timeout
On Fri, 2016-11-11 at 11:01 +0100, Stefan Magnus Landrø wrote: > True. The way SSL sockets are created is complex stuff. They are layered > and I believe the handshake is async - maybe Oleg could clarify? > There is nothing special or unusual about SSL/TLS handshakes. They involve multiple IP packet exchanges over a TCP connection. Standard socket settings fully apply. Oleg > Anyways - We ran into an issue a few years ago with an SSL handshake taking > for ever (a switch was dropping packets of a certain size ... ), and > tracked our hanging threads down to blocking because the SoTimeout was set > to 0 by default. Changing this prevented threads from hanging for ever. > > Ref javadoc: > > Determines the default socket timeout value for non-blocking I/O operations. > > 2016-11-11 10:01 GMT+01:00 Philippe Mouawad : > > > Thanks but I see not property related to Ssl Handshake timeout. > > > > Regards > > > > On Friday, November 11, 2016, Stefan Magnus Landrø < > > stefan.lan...@gmail.com> > > wrote: > > > > > https://hc.apache.org/httpcomponents-client-ga/ > > > httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html# > > > setDefaultSocketConfig(org.apache.http.config.SocketConfig) > > > > > > 2016-11-11 9:34 GMT+01:00 Philippe Mouawad > > >: > > > > > > > Thank you Stefan > > > > Could you point me to some doc ? > > > > > > - To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
Re: SSL Handshake : timing and timeout
Hello, Maybe my thinking is stupid, but isn't there some use cases where SOcket does not timeout but a loop can occur in handshake ? My idea is to have a timeout on the handshake process. Regards On Sat, Nov 12, 2016 at 4:26 PM, Oleg Kalnichevski wrote: > On Fri, 2016-11-11 at 11:01 +0100, Stefan Magnus Landrø wrote: > > True. The way SSL sockets are created is complex stuff. They are layered > > and I believe the handshake is async - maybe Oleg could clarify? > > > > There is nothing special or unusual about SSL/TLS handshakes. They > involve multiple IP packet exchanges over a TCP connection. Standard > socket settings fully apply. > > Oleg > > > Anyways - We ran into an issue a few years ago with an SSL handshake > taking > > for ever (a switch was dropping packets of a certain size ... ), and > > tracked our hanging threads down to blocking because the SoTimeout was > set > > to 0 by default. Changing this prevented threads from hanging for ever. > > > > Ref javadoc: > > > > Determines the default socket timeout value for non-blocking I/O > operations. > > > > 2016-11-11 10:01 GMT+01:00 Philippe Mouawad >: > > > > > Thanks but I see not property related to Ssl Handshake timeout. > > > > > > Regards > > > > > > On Friday, November 11, 2016, Stefan Magnus Landrø < > > > stefan.lan...@gmail.com> > > > wrote: > > > > > > > https://hc.apache.org/httpcomponents-client-ga/ > > > > httpclient/apidocs/org/apache/http/impl/client/ > HttpClientBuilder.html# > > > > setDefaultSocketConfig(org.apache.http.config.SocketConfig) > > > > > > > > 2016-11-11 9:34 GMT+01:00 Philippe Mouawad < > philippe.moua...@gmail.com > > > > >: > > > > > > > > > Thank you Stefan > > > > > Could you point me to some doc ? > > > > > > > > > > > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > -- Cordialement. Philippe Mouawad.
Re: SSL Handshake : timing and timeout
Hello, A loop can IMHO only happen if one site violates thenprotocol and the other does not catch it. So it is seldom. A request- or header- Timeout would include it. But if you want to also abort connects in a delayed handshake then you would would need to watch the progress with a timer or watchdog thread yourself, there is no sslsocket level Timeout for it. If you detect exceeding timeouts you can close the socket, that will abort all pending operations. (In some situations it sends ssl shutdown messages if you close a SSL socket so for that reaper thread it might be better to directly close the physical socket object (to the proxy) Not sure if http client has a especially rude cancel method to trigger this? Gruss Bernd -- http://bernd.eckenfels.net On Tue, Nov 15, 2016 at 8:52 PM +0100, "Philippe Mouawad" wrote: Hello, Maybe my thinking is stupid, but isn't there some use cases where SOcket does not timeout but a loop can occur in handshake ? My idea is to have a timeout on the handshake process. Regards On Sat, Nov 12, 2016 at 4:26 PM, Oleg Kalnichevski wrote: > On Fri, 2016-11-11 at 11:01 +0100, Stefan Magnus Landrø wrote: > > True. The way SSL sockets are created is complex stuff. They are layered > > and I believe the handshake is async - maybe Oleg could clarify? > > > > There is nothing special or unusual about SSL/TLS handshakes. They > involve multiple IP packet exchanges over a TCP connection. Standard > socket settings fully apply. > > Oleg > > > Anyways - We ran into an issue a few years ago with an SSL handshake > taking > > for ever (a switch was dropping packets of a certain size ... ), and > > tracked our hanging threads down to blocking because the SoTimeout was > set > > to 0 by default. Changing this prevented threads from hanging for ever. > > > > Ref javadoc: > > > > Determines the default socket timeout value for non-blocking I/O > operations. > > > > 2016-11-11 10:01 GMT+01:00 Philippe Mouawad >: > > > > > Thanks but I see not property related to Ssl Handshake timeout. > > > > > > Regards > > > > > > On Friday, November 11, 2016, Stefan Magnus Landrø < > > > stefan.lan...@gmail.com> > > > wrote: > > > > > > > https://hc.apache.org/httpcomponents-client-ga/ > > > > httpclient/apidocs/org/apache/http/impl/client/ > HttpClientBuilder.html# > > > > setDefaultSocketConfig(org.apache.http.config.SocketConfig) > > > > > > > > 2016-11-11 9:34 GMT+01:00 Philippe Mouawad < > philippe.moua...@gmail.com > > > > >: > > > > > > > > > Thank you Stefan > > > > > Could you point me to some doc ? > > > > > > > > > > > > - > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > -- Cordialement. Philippe Mouawad.
