Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1148565 - Management HTTP server closing idle connections prematurely.
Management HTTP server closing idle connections prematurely.
Status: VERIFIED
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management (Show other bugs)
6.4.0
Unspecified Unspecified
unspecified Severity unspecified
: DR4
: EAP 6.4.0
Assigned To: Darran Lofthouse
Pavel Slavicek
:
Depends On:
Blocks: 1148532
  Show dependency treegraph
 
Reported: 2014-10-01 14:11 EDT by Darran Lofthouse
Modified: 2018-06-07 17:32 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
JBoss EAP's management HTTP server contains a timeout handler which is intended to terminate idle connections after 5 minutes. In previous versions of the product the timeout was terminating connections after 30 seconds. Any active SSL sessions were also terminated as a side effect of the connection being terminated. When the client's web browser reconnected for a subsequent invocation the a fresh SSL session had to be created. In this release of the product, the idle connection timeout is now set correctly to 5 minutes. Web browser initiated shut down of keep alive connections can now happen as intended, leaving any underlying SSL sessions intact and allowing the web browser to resume its previous session the next time it connects.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Darran Lofthouse 2014-10-01 14:11:18 EDT 
Description of problem:

By default the forked Sun HTTP server in use for management over HTTP is supposed to allow connections to remain idle for up to 5 minutes, connections are however being terminated at 30 seconds.

Web browsers also contain their own keep alive timer but closing connections at 30 seconds they never get a chance.

As the server is closing the connection any underlying SSLSession is also being invalidated meaning that on reconnecting a new SSLSession needs to be established.

For this BZ the default idle time of 5 minutes should be restored, by default there is also a maximum of 200 idle connections anyway so this is not going to result in a DoS attack by allowing the idle connections to grow unconstrained.
Comment 2 Radim Hatlapatka 2014-10-08 11:58:43 EDT 
Verified in EAP 6.4.0.DR4
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.