Project

General

Profile

Bug #8590

Second call of https.get results in timeout

Added by Yutaka HARA over 3 years ago. Updated almost 3 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
ruby -v:
ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin12.4.0]
[ruby-core:55736]

Description

Hi,

In the following code, second call of https.get results in an error "Connection reset by peer - SSL_connect" after timeout.


require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this server

https.use_ssl = true
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK

https.start{ p https.get('/') } #=> (Timeout)

Expected: prints response twice

Actual: prints response once, and raises the following error after timeout

/Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in connect': Connection reset by peer - SSL_connect (Errno::ECONNRESET)
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in
block in connect'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/timeout.rb:52:in timeout'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in
connect'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:862:in do_start'
from /Users/yhara/.rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/http.rb:851:in
start'

Is this a bug of Net::HTTP, or a problem of the server, or just I'm doing something wrong?

Thanks in advance.

net.http.reuse_ssl_session.patch View (2.62 KB) Eric Hodel, 07/11/2013 08:51 AM

History

#1 [ruby-core:55903] Updated by Zachary Scott over 3 years ago

  • Status changed from Open to Assigned
  • Assignee set to Yui NARUSE

#2 [ruby-core:55910] Updated by Masaki Matsushita over 3 years ago

It can be reproduced on trunk r41889.

#3 [ruby-core:55912] Updated by Yui NARUSE over 3 years ago

  • Status changed from Assigned to Feedback

I can't reproduce on
* ruby 2.1.0dev (2013-07-10 trunk 41892) [x86_64-freebsd9.1]
* OpenSSL 0.9.8y 5 Feb 2013

Feedback and patch is welcome

#4 [ruby-core:55938] Updated by Eric Hodel over 3 years ago

=begin
I can reproduce it with OpenSSL 1.0.1e 11 Feb 2013 and ruby trunk, it seems related to SSL session reuse.

(({openssl s_client})) for 1.0.1e behaves strangely with this server, however. (({openssl s_client -host secure.nicovideo.jp -port 443})) times out, (({openssl s_client -host secure.nicovideo.jp -port 443 -tls1})) connects successfully. Adding the (({-reconnect})) flag does not produce the timeout for subsequent connections.

With the attached patch the following test.rb attaches successfully twice:

require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this server

https.open_timeout = 5

https.use_ssl = true
https.reuse_ssl_session = false
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK
https.start{ p https.get('/') } #=> (Timeout)

May I commit?

=end

#5 [ruby-core:55945] Updated by Yui NARUSE over 3 years ago

drbrain (Eric Hodel) wrote:

I can reproduce it with OpenSSL 1.0.1e 11 Feb 2013 and ruby trunk, it seems related to SSL session reuse.

(({openssl s_client})) for 1.0.1e behaves strangely with this server, however. (({openssl s_client -host secure.nicovideo.jp -port 443})) times out, (({openssl s_client -host secure.nicovideo.jp -port 443 -tls1})) connects successfully. Adding the (({-reconnect})) flag does not produce the timeout for subsequent connections.

With the attached patch the following test.rb attaches successfully twice:

require "net/https"
https = Net::HTTP.new("secure.nicovideo.jp", 443)
#https = Net::HTTP.new("www.sbisec.co.jp", 443) # same result for this server

https.open_timeout = 5

https.use_ssl = true
https.reuse_ssl_session = false
https.ssl_version = 'TLSv1'
https.start{ p https.get('/') } #=> OK
https.start{ p https.get('/') } #=> (Timeout)

May I commit?

The reuse_ssl_session = false feels workaround; it can't be applied generally.
As far as I understand, this is because SSL-related timeout won't be reconnected though normal HTTP is reconnected automatically.
Therefore https should also reconnect automatically.

#6 [ruby-core:60300] Updated by Hiroshi SHIBATA almost 3 years ago

  • Target version changed from 2.1.0 to current: 2.2.0

Also available in: Atom PDF