CherryPy SSL Built-in Adapter Causing Port Contention with Netcat #2025

Open
1 of 3 tasks
PraveenKumarVN opened this issue Mar 27, 2024 · 3 comments

@PraveenKumarVN

I'm encountering an issue with CherryPy's built-in SSL adapter where it seems to cause port contention with netcat. When I run a CherryPy server with SSL enabled using the built-in adapter and establish a TCP connection using netcat (nc localhost 8080) without performing a TLS handshake, I am not able to access the application via a browser or any other client until I complete the TLS handshake in netcat. However, if I switch to using PyOpenSSL, I am able to access the application via other clients while the TLS handshake is not yet done on the TCP connection made via netcat.

I'm not sure why the built-in SSL adapter is causing this behavior, but it seems to be related to how it manages SSL connections or handles socket bindings.

Has anyone encountered a similar issue with CherryPy's built-in SSL adapter? Any insights or suggestions on how to resolve or further debug this issue would be greatly appreciated.

Thank you!

I'm submitting a ...

  • bug report
  • feature request
  • question about the decisions made in the repository

Do you want to request a feature or report a bug? Report a bug

What is the current behavior?
Here's a summary of the setup and behavior:

  • I have a CherryPy application configured to use SSL with the built-in adapter.
  • When I start the CherryPy server, it binds to the specified port with SSL enabled.
  • Access the URL https://localhost:8080/ in a browser; it returns "Hello, world!"
  • Execute nc localhost 8080 in a terminal.
  • Access the URL https://localhost:8080/ again in the browser; it hangs.
  • Terminate the nc command in the terminal with Ctrl+C; "Hello, world!" is returned in the browser.
  • But if I change to cherrypy.server.ssl_module = 'pyopenssl', with a TCP connection established using nc, I am able to access the URL in the browser and other clients.

If the current behavior is a bug, please provide the steps to reproduce and if possible a screenshots and logs of the problem. If you can, show us your code.

import cherrypy


class YourApp:
    @cherrypy.expose
    def index(self):
        return "Hello, world!"


if __name__ == '__main__':
    # Configuration
    cherrypy.config.update({
        'server.thread_pool': 10,  # Number of threads in the pool
        'server.socket_host': '0.0.0.0',  # Bind to all interfaces
        'server.socket_port': 8080,  # Port to listen on
        'server.socket_timeout': 60
    })

    cherrypy.server.ssl_module = 'builtin'  # Use the built-in SSL module
    cherrypy.server.ssl_certificate = 'cert.pem'  # Path to your SSL certificate
    cherrypy.server.ssl_private_key = 'key.pem'

    cherrypy.quickstart(YourApp(), '/')

What is the expected behavior?

  • App should serve requests even if a connection handshake is in progress

What is the motivation / use case for changing the behavior?

Please tell us about your environment:

  • Cheroot version: 8.4.3
  • CherryPy version: 18.9.0
  • Python version: 3.11
  • OS: macOS 14.1
  • Browser: all
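
The reproduction steps above, scripted as a regression check to run against your own server before and after upgrading Cheroot. This is an added example, not part of the original issue or the CherryPy project; the function name `handshake_blocked` and the 3-second timeout are assumptions, and the host and port are the ones from the report.

```python
import socket
import ssl


def handshake_blocked(host, port, timeout=3.0):
    """Return True if a TLS handshake stalls while an idle TCP connection
    (the equivalent of `nc host port`) is held open on the same port."""
    # Test-only context: the server in the report uses a local cert.pem,
    # so certificate verification is skipped. Not for real clients.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    # Step 1: open a TCP connection and send nothing, like the idle nc session.
    idle = socket.create_connection((host, port), timeout=timeout)
    try:
        # Step 2: a second client attempts a normal TLS handshake.
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    return False  # handshake completed: second client was served
            except socket.timeout:
                return True  # no reply within `timeout`: second client is stuck
    finally:
        idle.close()


if __name__ == "__main__":
    # Host and port as configured in the report's example application.
    stalled = handshake_blocked("127.0.0.1", 8080)
    print("second client blocked by idle connection:", stalled)
```

Connection errors other than a handshake timeout (for example, a refused connection) propagate to the caller so they are not mistaken for either outcome.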

@webknjaz
Member

cherrypy/cheroot#649 will hopefully fix this.

@PraveenKumarVN
Author

@webknjaz Thanks for the update. I could see that the PR has been merged; do you know when this will be released? Thanks.

@webknjaz
Member

webknjaz commented Apr 8, 2024

Follow the discussion over in Cheroot.
