New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

10-20 hang on connections when SSL Mode is set to Prefer or Require in connection string #2145

Open
jsw1993 opened this Issue Sep 5, 2018 · 10 comments

Comments

Projects
None yet
3 participants
@jsw1993

jsw1993 commented Sep 5, 2018

The issue

When having SSL set to either require or prefer connections are often taking 10 seconds plus. The connection appears to hang. This does not occur when SSL mode is set to disable. Wireshark captures below. I've also tried using SslStream.

Other SSL connections to the PostGres instance do not have this problem

Further technical details

Npgsql version: 4.0.2
PostgreSQL version: PostgreSQL 9.6.8 ( running in Amazon RDS)
Operating system: Code is running from a Windows 2012 R2 server. PostGres is running on

Other details about my project setup:
Wireshark capture with SSL set to require
image

Same code ran with SSL set to disable
image

@roji

This comment has been minimized.

Member

roji commented Sep 6, 2018

Other SSL connections to the PostGres instance do not have this problem

Just to be sure, so connecting with psql with SSL on works without issues, from the same client machine to the same PostgreSQL server? Is it possible for you to also post a wireshark dump of a working SSL connection with psql so we can compare?

Another idea is to try with another client/server pair, ideally without any sort of complicated network setup in between, just to make sure this isn't somehow affected by your network or server setup (although if psql works well we still have a problem).

Also, just to make sure, can you please include Use SSL Stream=true in your connection string (although that's the default since 4.0), just in case?

When using Use SSL Stream=true, Npgsql simply uses the standard .NET SslStream class, so it's hard to see how an issue in Npgsql could be causing this - but it's also hard to imagine a serious bug in .NET SslStream.

@roji

This comment has been minimized.

Member

roji commented Sep 6, 2018

Hmm, that "Change Cipher Spec" TLS message is curious (I'm far from an expert). You haven't tweaked your PostgreSQL SSL/TLS config in any way, have you?

@jsw1993

This comment has been minimized.

jsw1993 commented Sep 6, 2018

Hi Roji.
Connection string
Server= pgrds.DOMAIN.com;Port=5432;SSL Mode=Require;Username=USERNAME;Password=●●●●●●●●●;Database=db2018;Trust Server Certificate=true;Timeout=30;Use SSL Stream=false
image

Connection string
Server= pgrds.DOMAIN.com;Port=5432;SSL Mode=Require;Username=USERNAME;Password=●●●●●●●●●;Database=db2018;Trust Server Certificate=true;Timeout=30;Use SSL Stream=true
image

Connection using PGAdmin
image

The above tests are all from the same server to the same RDS instance. The tests showing the connection string are using NPGSQL.

This is running in Amazon RDS so you do not get to configure the cipher settings. We are getting the issue in both our production and development environments. I can try it outside of Amazon but its going to take some time for me to setup.

Thanks for your help.

Regards
James

@roji

This comment has been minimized.

Member

roji commented Sep 6, 2018

I'm not sure I understand, the wireshark you posted of the PGAdmin connection shows the same 15-second delay as the Npgsql connection test... so it seems that the problem isn't Npgsql-related at all, but some sort of general issue when connecting to your PostgreSQL, no?

@jsw1993

This comment has been minimized.

jsw1993 commented Sep 7, 2018

Sorry! Wrong screenshot
This is the one from PGAdmin. The others are correct.
image

@jsw1993

This comment has been minimized.

jsw1993 commented Oct 10, 2018

Any ideas on this? Sorry the information I gave was not clear

@jsw1993 jsw1993 closed this Oct 10, 2018

@jsw1993 jsw1993 reopened this Oct 10, 2018

@YohDeadfall

This comment has been minimized.

Member

YohDeadfall commented Oct 10, 2018

It's a duplicate of #2004 which is fixed now.

@YohDeadfall YohDeadfall added duplicate and removed duplicate labels Oct 10, 2018

@YohDeadfall

This comment has been minimized.

Member

YohDeadfall commented Oct 10, 2018

Sorry, didn't carefully read the connection string. Reopened.

@YohDeadfall YohDeadfall reopened this Oct 10, 2018

@roji

This comment has been minimized.

Member

roji commented Nov 19, 2018

@jsw1993 I'm coming back to issues after some downtime, is this still happening/relevant to you?

@jsw1993

This comment has been minimized.

jsw1993 commented Nov 26, 2018

Hi Roji.
I'm just going to double check using v4.0.3.0 and will let you know.
Regards
James

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment