Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connection timeout is not honoured (using SSL connection) #3085

Closed
superbob opened this issue Jan 3, 2024 · 6 comments
Closed

Connection timeout is not honoured (using SSL connection) #3085

superbob opened this issue Jan 3, 2024 · 6 comments

Comments

@superbob
Copy link

superbob commented Jan 3, 2024

Describe the issue

The connection timeout configuration (connectTimeout property) is not honoured when connecting to a pgsql database (at least through SSL).

So if the connection is slow (more than 3s to establish) it will timeout even if more than 3s is configured in the configuration property.

The SSL mode is "require" and a client certificate + client private key are used.

Driver Version?

Since 42.5.2.

It is working fine with 42.5.1.

Still present in 42.7.1.

Java Version?

Not relevant.

OS Version?

Not relevant.

PostgreSQL Version?

14.7 (Ubuntu 14.7-1.pgdg22.04+1)
Case sensitivity: plain=lower, delimited=exact
SSL: yes

To Reproduce

  1. Setup a slow socket connection to a database.
    In my case I'm using a database connection protected by Cloudflare Access which asks for a confirmation through the web browser before establishing the connection. That is during this time that the timeout occurs if I take more than 3 seconds to confirm the connection in Cloudflare Access.
  2. Use a driver with version >= 42.5.2.
  3. Make sure to have at least 10 seconds in the connectTimeout property of the JDBC connection.
  4. Try to connect to the database using DBeaver or IntelliJ or anything else.
  5. Wait for more than 3 seconds (at least 5 seconds).
  6. The connection will fail at approximately 3 seconds.

Expected behaviour

Depending on the connection speed:

  • If it is more than 3 seconds, but less than the connectTimeout, it should succeed.
  • If it lasts more than the connectTimeout, it should time out, but not before the configured timeout value.
@davecramer
Copy link
Member

I'm guessing you need to use sslResponseTimeout which is in milliseconds. This PR #2687 seems relevant.

@vlsi
Copy link
Member

vlsi commented Jan 4, 2024

I think connect timeout should apply to both ssl and simple connects

@davecramer
Copy link
Member

I think connect timeout should apply to both ssl and simple connects

in which case sslResponseTimeout seems redundant

@davecramer
Copy link
Member

Ok, so the whole SSL timeout thing seems complicated. Do we remember why we added SSL_RESPONSE_TIMEOUT?

@superbob
Copy link
Author

superbob commented Jan 5, 2024

Using the sslResponseTimeout property works around the issue indeed 👍. But as vlsi said, maybe connectTimeout should be honoured, even in this case (SSL).

@davecramer
Copy link
Member

I'm going to close this as there is a work around

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vlsi @davecramer @superbob