From 9e0de0dde5fd699f09f840a50b56c38b91e869fa Mon Sep 17 00:00:00 2001 From: Arturo Bernal Date: Thu, 31 Jul 2025 19:39:04 +0200 Subject: [PATCH] HTTPCLIENT-2386: Fix TLS handshake timeout precedence Default to socketTimeout (not connectTimeout) for TLS handshakes --- .../impl/nio/DefaultAsyncClientConnectionOperator.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java index 4c4177a9c8..852bfab3d8 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java @@ -165,7 +165,13 @@ public void completed(final IOSession session) { if (tlsStrategy != null) { try { final Timeout socketTimeout = connection.getSocketTimeout(); - final Timeout handshakeTimeout = tlsConfig.getHandshakeTimeout(); + // TLS handshake timeout precedence: + // 1. Explicitly configured handshake timeout from TlsConfig + // 2. Current socket timeout of the connection (if set) + // 3. Falls back to connectTimeout if neither is specified (handled later) + final Timeout handshakeTimeout = tlsConfig.getHandshakeTimeout() != null + ? tlsConfig.getHandshakeTimeout() + : socketTimeout; final NamedEndpoint tlsName = endpointName != null ? endpointName : endpointHost; onBeforeTlsHandshake(context, endpointHost); if (LOG.isDebugEnabled()) {