Add integration tests for TLS handshake timeouts #644
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
@rschmitt Presently all timeouts supported by HC represent the maximum period of inactivity between consecutive i/o operations and not a deadline. There is feature request for request execution deadline support. It would not be easy to implement with the async transport and likely impossible with the classic transport. |
ok2c
approved these changes
Jun 5, 2025
...lient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestTlsHandshakeTimeout.java
Outdated
Show resolved
Hide resolved
This change adds basic integration test coverage for TLS handshake timeouts for the sync and async clients. The tests make use of a special test server that times out a single TLS connection attempt and can be configured to time out at two different points in the TLS 4-way handshake. Note that the TLS handshake timeout, as currently implemented, works like a socket timeout for the TLS handshake phase of the connection: it only limits the amount of time that will be spent on each individual socket read/write operations, not the total time spent in the handshake attempt. The timeout server, for example, could inject a delay before sending the Server Hello, which would cause the client to spend up to double the configured timeout attempting to complete the handshake. There is no test coverage for this behavior, but it could be added if we decided that it should be part of the feature's contract.
rschmitt
force-pushed
the
handshake-timeout-tests
branch
from
1d94a5e to
b8d352b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change adds basic integration test coverage for TLS handshake timeouts for the sync and async clients. The tests make use of a special test server that times out a single TLS connection attempt and can be configured to time out at two different points in the TLS 4-way handshake.
Note that the TLS handshake timeout, as currently implemented, works like a socket timeout for the TLS handshake phase of the connection: it only limits the amount of time that will be spent on each individual socket read/write operations, not the total time spent in the handshake attempt. The timeout server, for example, could inject a delay before sending the Server Hello, which would cause the client to spend up to double the configured timeout attempting to complete the handshake. There is no test coverage for this behavior, but it could be added if we decided that it should be part of the feature's contract.