
Tomcat with HTTPS gets a CLOSE_WAIT on a direct TCP connect

I use Tomcat 8.5.4 to build an HTTPS-based server on port 443 like this:

    <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8000" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/rs_keystore.jks" keystorePass="ntsdawn"
           clientAuth="false" sslProtocol="TLS"/>

But a client uses TCP to connect to port 8000, and then quickly closes the TCP connection. After this, on my server the connection is in CLOSE_WAIT status, and more importantly, the CPU usage grows and org.apache.tomcat.util.net.TLSClientHelloExtractor objects are created very fast until GC is triggered:

root@nts32:/home/vcloud/apache-tomcat-8.5.4/logs# jmap -histo 14 | head

 num     #instances         #bytes  class name
----------------------------------------------
   1:       5159655      165108960  java.util.HashMap$Node
   2:          9138      131509512  [I
   3:       5148446      123562704  java.util.ArrayList
   4:       5145501      123492024  java.util.concurrent.LinkedBlockingQueue$Node
   5:       5145486      123491664  org.apache.tomcat.util.net.TLSClientHelloExtractor
   6:       3210008      102720256  java.util.concurrent.locks.AbstractQueuedSynchronizer$Node
   7:       2162508       86500320  java.util.HashMap$KeyIterator

And the connection will stay at CLOSE_WAIT forever....

But if I modify server.xml to use HTTP instead of HTTPS like this:

    <Connector port="8000" protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="20000"
               redirectPort="8443" />

Then everything is OK. The TCP connection comes in and my server replies with a FIN when the client sends a FIN.

Is anything wrong with my HTTPS configuration?

There's a bug in Tomcat 8.5.4 wherein TLS connections get into a loop when the socket connection is dropped before the TLS handshake is complete. Upgrading to Tomcat 8.5.5 or above should fix this.

Below is the bug

https://bz.apache.org/bugzilla/show_bug.cgi?id=60035

There could be an issue with the Apache HTTPS libs as well. From the Apache release notes of httpcore-osgi-4.4.11, I found two bugs fixed in the "httpcore-osgi" library which are possibly related:

Bug fix: corrected handling of graceful SSL session termination initiated by the opposite endpoint (back-ported from master). Contributed by Oleg Kalnichevski

Bug fix: corrected handling of NEED_WRAP handshake status during graceful SSL session termination (back-ported from master). Contributed by Oleg Kalnichevski <olegk at apache.org>

Link for reference: https://www.apache.org/dist/httpcomponents/httpcore/RELEASE_NOTES-4.4.x.txt
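
A check for the symptom described in the question (sockets on the connector port that stay in CLOSE_WAIT), as an added example that is not part of the original posts. It assumes a Linux host exposing `/proc/net/tcp` and `/proc/net/tcp6`; the function names are hypothetical and the two snapshots are constructed sample data.

```python
from pathlib import Path

CLOSE_WAIT = "08"  # TCP state code used in /proc/net/tcp

HEADER = ("  sl  local_address rem_address   st tx_queue rx_queue "
          "tr tm->when retrnsmt   uid  timeout inode\n")
# Constructed snapshots in /proc/net/tcp format, not taken from a real host.
# Local port 1F40 is 8000 (the connector port on this page), 0016 is 22.
SNAPSHOT_1 = HEADER + """\
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1F40 0100007F:C350 08 00000000:00000001 00:00000000 00000000     0        0 1002
   2: 0100007F:1F40 0100007F:C351 08 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0100007F:0016 0100007F:C352 08 00000000:00000000 00:00000000 00000000     0        0 1004
"""
SNAPSHOT_2 = HEADER + """\
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1F40 0100007F:C350 08 00000000:00000001 00:00000000 00000000     0        0 1002
   2: 0100007F:1F40 0100007F:C360 08 00000000:00000000 00:00000000 00000000     0        0 1009
"""


def close_wait_sockets(text, port):
    """Return {(remote_address, inode)} for CLOSE_WAIT sockets on local `port`."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with "N:"; this also skips any header line.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)  # same for tcp and tcp6
        if local_port == port and fields[3] == CLOSE_WAIT:
            found.add((fields[2], fields[9]))
    return found


def stuck_close_wait(before, after, port):
    """Sockets in CLOSE_WAIT in both snapshots: the server never closed its side."""
    return close_wait_sockets(before, port) & close_wait_sockets(after, port)


def read_proc():
    """Read the live tables; tcp6 matters when the JVM listens dual-stack."""
    paths = (Path("/proc/net/tcp"), Path("/proc/net/tcp6"))
    return "".join(p.read_text() for p in paths if p.exists())


if __name__ == "__main__":
    print(stuck_close_wait(SNAPSHOT_1, SNAPSHOT_2, 8000))
```

On a live host, call `read_proc()` twice some seconds apart and pass both results to `stuck_close_wait`; a set that keeps growing on the HTTPS port matches the behaviour reported for 8.5.4.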
