Comments (12)
There are many potential causes of connection timeouts:
- Most networking equipment is flaky under high load. When load is high, they drop some packets. You can detect these lost packets by capturing packets from both machines. TCP is resilient against dropped packets when the OS uses appropriate TCP retransmit timings.
- Server process not utilizing all cores because of misconfiguration or container restrictions. Check per-core cpu utilization.
- Container network throttling. The container may be dropping the packets. To detect this, capture packets on the container's internal interface.
- Tokio worker threads stuck on blocking IO. Check per-thread cpu utilization.
- Server process doing something expensive in the accept loop or in connection handler before starting TLS negotiation. Logging can cause slowdowns.
- Host machine is custom built and its power supply is too small. This problem shows under heavy load. It can cause all kinds of strange machine errors. Check the kernel logs for strange errors.
- Host machine internal bus congestion. The internal bus serves GPUs, SSD, and NICs. Network throughput can go down when the NIC shares a PCI channel with another device and that device is used heavily. Check the NIC queue lengths.
- Cosmic rays corrupting TCP packets in RAM. This doesn't affect 1-minute tests.
- Bug in core application libraries
It's been 1.5 months since you reported this issue. What happened?
from tls.
@mleonhard Thank you for your reply.
For reasons of energy, I'm not following this issue, but I'm going to go through H2 and get around the situation.
from tls.
Can you give a reproduce example?
from tls.
The server times out when the code "acceptor.accept(io).await" is executed. The io is tokio tcpstream and the certificate is rsa two-way authentication.
from tls.
The client uses the method "connect " of tokio-rustls.
from tls.
the server handshake timout is 30 sec, the client handshake timout is 10 sec. The CPU usage of the client and server accounts for less than a quarter of the system CPU.
from tls.
Faulty packets
from tls.
I cannot reproduce the problem, can you provide your test code?
I don't think that concurrency will affect tls handshake. from your description, handshake fail
is actually a timeout instead of TLS error?
from tls.
I'm sorry, I can't provide the current code. However, this error is not caused by handshake timeout. The timeout interval of the client is 10s and that of the server is 30s. If the handshake fails because of timeout, the client reports timeout first. However, the current problem is that the client considers that the handshake is successful, but the server considers that the handshake times out.
from tls.
According to the captured packets, the server (IP 58) may be waiting for the client (IP 53) to send a Change Cipher Sepc packet to the server.
from tls.
@silence-coding If you're not going to pursue the issue further, how about closing it? That would be kind to the project maintainers.
from tls.
@mleonhard All right.
from tls.
Related Issues (20)
- rustls: unable to do session resumption with api.devicecheck.apple.com HOT 3
- test fails without feature tls12 HOT 6
- test fails with only feature http1 enabled
- tcp Recv-Q accumulation appears on the tls server HOT 2
- HTTP upgrade on the same port HOT 2
- use features to make tokio-rustls compatible with `futures` interface HOT 4
- TLS handshake stuck in weak network environment HOT 12
- Proxy protocol support HOT 4
- `try_read` for `TlsStream` HOT 4
- Release new tokio-native-tls version to push "vendored" feature out? HOT 2
- tokio-rustls: how to use buffering with TlsStream? HOT 4
- Moving tokio-rustls into the rustls org? HOT 12
- Several RUSTSEC vulnerabilities in openssl HOT 1
- Getting UnexpectedEof on read_to_end while the sync version works fine HOT 3
- Optional TLS streams? HOT 2
- TlsAcceptor not responding HOT 1
- the method `get_ref` exists for reference `&TlsStream<AllowStd<S>>`, but its trait bounds were not satisfied HOT 1
- Cannot load the example identity: "Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()" HOT 1
- Latest published version of tokio-native-tls contains bad dependency
- Strange situation.It can be interfered with by other ws or tcp requests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tls.