[OPENDJ-4920] LDAPS connections which are still inside handshake do not get idle closed Created: 23/Mar/18 Updated: 08/Nov/19
|Component/s:||core apis, core server|
|Affects Version/s:||6.0.0, 5.5.0, 4.0.0, 3.5.0|
|Reporter:||Lee Trujillo||Assignee:||Yannick Lecaillez|
|Support Ticket IDs:|
A client connection gets stuck completing its TLS handshake and as a result, cannot be disconnected by the Idle Time Limit thread and a deadlock ensues.
The Idle Timeout was set between 2 minutes and 50000 ms. No setting had an effect on the problem.
|Comment by Ludovic Poitou [ 23/Mar/18 ]|
I'm a little bit confused, but how long did the connection got stuck in the TSL Handshake ?
|Comment by Chris Ridd [ 06/Apr/18 ]|
I've added a sample "bad client", based on the code at this Github project.
The last argument is the number of ms to sleep at each stage of the handshake. Make it much bigger than DS's global idle-time-limit to make it easier to observe the problems. In 6.x there's no deadlock, but the connection still does not get idle closed.
|Comment by Lee Trujillo [ 06/Apr/18 ]|
Note, I added the following to the main notes after you asked.
|Comment by Ludovic Poitou [ 06/Apr/18 ]|
Idle Timeout is a function on established connections.