Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix server trying to close the SSLsession in a loop #38

Merged
merged 2 commits into from Aug 10, 2020
Merged

Fix server trying to close the SSLsession in a loop #38

merged 2 commits into from Aug 10, 2020

Conversation

arunans23
Copy link
Member

@arunans23 arunans23 commented Aug 1, 2020
edited

Purpose

After the HTTPS response is written back to the client, the server tries to close the connection and the SSLIOSession. Prior to JDK 8 261 versions (& Prior to Oracle JDK 11.0.2), after SSLIOSession closes the outBound connection, the Handshake status is returned as NEED_UNWRAP. When such status is returned, we set the new event Mask as Read EventMask. In the new JDK versions it is returned as NOT_HANDSHAKING. In such cases, the SSLSession is not getting closed properly, and the server is constantly trying to close the connection which causes the CPU spike. We debugged the JDK code, and we were able to find a commit, which might have caused this behaviour. With this JDK commit, TransportContext Handshake status is returned as NOT_HANDSHAKING even after closeOutbound() is called. (The issue is reproducible for both TLSv1.2 and TLSv1.3)

This issue can be reproduced for any HTTPS request if Connection Keep Alive is disabled (or Connection: close header is present).

arunans23 and others added 2 commits July 30, 2020 17:37
@arunans23
Fix server trying to close the SSLsession in a loop
bd99305 
Related to AdoptOpenJDK/openjdk-jdk11u@8d1b63a
@Nirothipan
Update fix bd99305
0c0ef14 
If the status is closing and outbound is done we don't need to care about inbound and can proceed to read only
@Nirothipan Nirothipan merged commit 6dd8072 into wso2:master Aug 10, 2020
@TanyaM TanyaM mentioned this pull request Aug 12, 2020
Closed
@Vathsan Vathsan mentioned this pull request Aug 26, 2020
Closed
@juanledesma84
Copy link

juanledesma84 commented Nov 26, 2021
edited

Hi @arunans23 . Does this fix should be applied to APIM 4.0.0? Because it's not applied in the httpcore-nio_4.4.14.wso2v1.jar delivered with that version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nirothipan Nirothipan Nirothipan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@arunans23 @juanledesma84 @Nirothipan