Bug 1148565

Summary: Management HTTP server closing idle connections prematurely.
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Darran Lofthouse <darran.lofthouse>
Component: Domain Management
Assignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED CURRENTRELEASE
QA Contact: Pavel Slavicek <pslavice>
Severity: unspecified
Priority: unspecified
Version: 6.4.0
CC: dandread, pkremens
Target Milestone: DR4
Target Release: EAP 6.4.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Doc Text:
JBoss EAP's management HTTP server contains a timeout handler which is intended to terminate idle connections after 5 minutes. In previous versions of the product the timeout was terminating connections after 30 seconds. Any active SSL sessions were also terminated as a side effect of the connection being terminated. When the client's web browser reconnected for a subsequent invocation, a fresh SSL session had to be created. In this release of the product, the idle connection timeout is now set correctly to 5 minutes. Web browser initiated shutdown of keep-alive connections can now happen as intended, leaving any underlying SSL sessions intact and allowing the web browser to resume its previous session the next time it connects.
Last Closed: 2019-08-19 12:43:00 UTC
Type: Bug
Bug Blocks: 1148532    

Description Darran Lofthouse 2014-10-01 18:11:18 UTC
Description of problem:

By default the forked Sun HTTP server in use for management over HTTP is supposed to allow connections to remain idle for up to 5 minutes; connections are, however, being terminated at 30 seconds.

Web browsers also contain their own keep-alive timer, but with connections being closed at 30 seconds they never get a chance.

As the server is closing the connection, any underlying SSLSession is also being invalidated, meaning that on reconnecting a new SSLSession needs to be established.

For this BZ the default idle time of 5 minutes should be restored. By default there is also a maximum of 200 idle connections anyway, so this is not going to result in a DoS attack by allowing the idle connections to grow unconstrained.
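
A client-side way to check the idle timeout described above, as an added example that is not part of the original report or of the JBoss code: the probe sends one keep-alive request, goes idle, and times how long the server takes to close the connection. The in-process server and its timeout values are constructed stand-ins so the script runs offline; the probe speaks plain HTTP, so a TLS-protected management interface would need the socket wrapped with `ssl` first.

```python
import socket
import threading
import time

def start_idle_closing_server(idle_timeout):
    """Constructed stand-in: closes any connection idle longer than idle_timeout seconds."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        conn.settimeout(idle_timeout)
        try:
            while conn.recv(4096):  # any request resets the idle timer
                conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: keep-alive\r\n\r\n")
        except OSError:             # socket.timeout is an OSError: idle limit reached
            pass
        finally:
            conn.close()

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return              # listener was closed
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def measure_idle_close(host, port, max_wait):
    """Seconds from the last byte received until the server closes the connection,
    or None if the connection is still open after max_wait seconds of silence."""
    with socket.create_connection((host, port), timeout=max_wait) as s:
        s.sendall(b"GET / HTTP/1.1\r\nHost: probe\r\nConnection: keep-alive\r\n\r\n")
        last_data = time.monotonic()
        while True:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                return None         # server kept the idle connection open
            except ConnectionResetError:
                chunk = b""         # a reset counts as a server-side close
            now = time.monotonic()
            if not chunk:
                return now - last_data
            last_data = now         # still draining the response
```

Against a real server, a result near 30 would match the behaviour reported here, and `None` with `max_wait` set just under 300 would be consistent with the restored 5-minute default.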

Comment 2 Radim Hatlapatka 2014-10-08 15:58:43 UTC
Verified in EAP 6.4.0.DR4