Details
-
Bug
-
Status: Closed
-
P4
-
Resolution: Duplicate
-
11.0.6
-
None
-
x86_64
-
windows_10
Description
A DESCRIPTION OF THE PROBLEM :
We are hit by the effects of #8214418 if our requests using the java.net.http are going through a recent Apache HTTPS proxy that speaks TLSv1.3.
The client enters an endless loop in trying to close the half-closed connection, exhausts the CPU and cannot do any more requests.
I think this issue is quite critical, but we would like to continue using the LTS OpenJDK 11 version.
Is there any chance the fix for this issue gets backported to 11u?
Unfortunately the Bug ticket is not publicly visible, so I don't know what the status is in there, I just got the Bug ID, as I found the commit that fixed the problem in OpenJDK 12.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
In JShell:
System.setProperty("jdk.internal.httpclient.debug", "true")
System.setProperty("javax.net.debug", "all")
java.net.http.HttpClient.newBuilder().build().send(java.net.http.HttpRequest.newBuilder(new URI("https://tls1.3speaking.url")).GET().build(), java.net.http.HttpResponse.BodyHandlers.ofString()).body()
And then waiting some seconds
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Everything fine
ACTUAL -
Starts to output thousands of the lines
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) handshaking
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) wrapping 0 bytes
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) SSLResult: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 0
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) OK => produced: 0 bytes into 0, not wrapped: 0
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) wrapBuffer returned Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 0
which is when the endless loop is happening.
With Java 12 it just cleanly closes the connection after some seconds.
CUSTOMER SUBMITTED WORKAROUND :
Prevent TLSv1.3 being used.
FREQUENCY : always
We are hit by the effects of #8214418 if our requests using the java.net.http are going through a recent Apache HTTPS proxy that speaks TLSv1.3.
The client enters an endless loop in trying to close the half-closed connection, exhausts the CPU and cannot do any more requests.
I think this issue is quite critical, but we would like to continue using the LTS OpenJDK 11 version.
Is there any chance the fix for this issue gets backported to 11u?
Unfortunately the Bug ticket is not publicly visible, so I don't know what the status is in there, I just got the Bug ID, as I found the commit that fixed the problem in OpenJDK 12.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
In JShell:
System.setProperty("jdk.internal.httpclient.debug", "true")
System.setProperty("javax.net.debug", "all")
java.net.http.HttpClient.newBuilder().build().send(java.net.http.HttpRequest.newBuilder(new URI("https://tls1.3speaking.url")).GET().build(), java.net.http.HttpResponse.BodyHandlers.ofString()).body()
And then waiting some seconds
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Everything fine
ACTUAL -
Starts to output thousands of the lines
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) handshaking
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) wrapping 0 bytes
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) SSLResult: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 0
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) OK => produced: 0 bytes into 0, not wrapped: 0
DEBUG: [HttpClient-1-Worker-0] [7s 948ms] SSL Writer(SocketTube(1)) wrapBuffer returned Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 0
which is when the endless loop is happening.
With Java 12 it just cleanly closes the connection after some seconds.
CUSTOMER SUBMITTED WORKAROUND :
Prevent TLSv1.3 being used.
FREQUENCY : always