Large response entity is truncated over https with 'Connection: close' header

[anilgursel]

When a client sends Connection: close header and response entity is large, the entity gets truncated over https. It is ok with http. We see this behaviour only with larger entities. Please see below reproducer:

import java.io.InputStream
import java.security.{KeyStore, SecureRandom}
import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}

import akka.actor.ActorSystem
import akka.http.scaladsl.server.Route
import akka.http.scaladsl.{ConnectionContext, Http, HttpsConnectionContext}
import akka.stream.ActorMaterializer
import akka.http.scaladsl.server.Directives._

import scala.util.Random

object HttpsWithLargeResponseEntity extends App {

  implicit val system = ActorSystem()
  implicit val mat = ActorMaterializer()
  implicit val dispatcher = system.dispatcher

  // Manual HTTPS configuration

  val password: Array[Char] = "changeit".toCharArray // do not store passwords in code, read them from somewhere safe!

  val ks: KeyStore = KeyStore.getInstance("JKS")
  val keystore: InputStream = getClass.getClassLoader.getResourceAsStream("example.com.jks")

  require(keystore != null, "Keystore required!")
  ks.load(keystore, password)

  val keyManagerFactory: KeyManagerFactory = KeyManagerFactory.getInstance("SunX509")
  keyManagerFactory.init(ks, password)

  val tmf: TrustManagerFactory = TrustManagerFactory.getInstance("SunX509")
  tmf.init(ks)

  val sslContext: SSLContext = SSLContext.getInstance("TLS")
  sslContext.init(keyManagerFactory.getKeyManagers, tmf.getTrustManagers, new SecureRandom)
  val https: HttpsConnectionContext = ConnectionContext.https(sslContext)

  val routes: Route = get { complete(Random.nextString(1024 * 100)) }
  Http().bindAndHandle(routes, "127.0.0.1", 8443, connectionContext = https)
  Http().bindAndHandle(routes, "127.0.0.1", 8080)
}

With the following commands, I see the entire entity is retrieved:

• curl -kv https://localhost:8443/
• curl -v http://localhost:8080/ -H 'Connection: close'
• curl -v http://localhost:8080/

However, when the Connection: close' header is sent and the protocol is https, the entity gets truncated:

• curl -kv https://localhost:8443/ -H 'Connection: close'

transfer closed with 90231 bytes remaining to read
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (18) transfer closed with 90231 bytes remaining to read

[jonas]

Looks similar to #459 (and tickets referenced from it) but for HTTPS.

[jrudolph]

I can reproduce this issue. Here's source code and log for that issue: https://gist.github.com/jrudolph/a4f3adc3a1bbe57e6ebffd4c2fe8c649

I agree with @jonas that this issue looks very similar to #459. It seems the connection closure triggers stream completion and cancellation at the same time, which makes the TLS buffer drop still outstanding outgoing bytes.

I guess the problem here might be that the DelayCancellation stage is inserted at the wrong position, i.e. between TCP and TLS and not between SSL and HTTP.

[jrudolph]

That was it exactly. I posted a preliminary fix as #1235, pending proper tests. If someone wants to pick up until I get to it, please do.