Unstable https behaviour on Java 7 while everything is stable on Java 6

[sovnarkom]

Environment:

• Issue reproduces for both 64 and 32 bit versions of jvm 7.x and works for jvm 6.x.
• OS independent (tested on different windows, linux and even cloud platforms).
• Behaves similar in Jetty and Tomcat.
• Isn't affected by forced SSL version (TLSv1 or SSLv3)

Steps to reproduce:

I connect to https host, and the connection just drops after some time (broken pipe, connection dropped).

The issue reproduces after couple of normal requests (in most cases one).
The issue will not reproduce after some hours in live application for the next request, and then starts to reproduce again.

Notes:

After some debugging I was able to find that connection always hangs and drops right after SSL handshake sent.

I'm not sure if it's apache-cxf problem itself but if I use groovy HTTPBuilder and emulate same soap request — everything works without any issues.

I also tried to update cxf version to latest, but without any changes in issue behaviour.
I'm really puzzled by that issue already.

Please contact me for more detailed information and test project if needed.

[madeupname]

Any progress on this? I am having what appears to be the same issue. I get a socket read time out or connection reset message when making a call to an https endpoint. With http it's fine, and I just switched to JDK6 and it's also fixed like yours.

I believe this has to do with some sort of SSL cache. My behavior is mostly the same as yours:

• no problems with http endpoints, only https
• works fine in soapUI
• it always works the first time, and subsequent requests - if called before the timeout - continue to work
• when it breaks, it's permanently broken for that endpoint. Trying another endpoint will work until you wait too long between calls. So it's consistent.
• I made a simple test where I make a request in a for loop, and after each call I sleep for i * 1000 ms. It always breaks after the 5th call, suggesting that somewhere there is a TTL/keepalive/timeout set at 5 seconds.

I am using the latest plugin, and tried adding TLS config block, but I am getting complaints from the compiler:

Groovy:expecting ']', found 'cipherSuitesFilter' 

if I add a comma after the secureSocketProtocol line, I get:

Groovy:Unexpected node type: EXPR found when expecting type: LABELED_ARG

I was going to try to set sslCacheTimeout to zero to see if that would fix it. But I'm also wondering if that could cause other problems. It seems that when trying to repopulate the cache when using JDK7, there's an error, but I'm not seeing anything helpful in the debug output.

Thanks in advance for any help!

[ctoestreich]

I have been a bit bogged down on a new contract lately and I haven't had much time to dig into my Open Source projects. I would encourage pulling down the code and seeing if you can fix the issue and submit a pull req. 👍

Otherwise it may be a while until I can check out the issue.

[madeupname]

I understand, and appreciate your effort, but to be honest I don't think I'm qualified to mess with your code. It's a bit beyond my skill level. I'll stick with Java 6 for now.