24.3 url function takes longer than expected to respond when configured with an incompatible cipher

[strtgbb]

Describe the situation 24.3 takes longer than expected to respond when configured with an incompatible cipher. This affects URL function and dictionaries with a URL source.

How to reproduce Affected version: 24.3

• Non-default settings

<cipherList>some-incompatble-cipher</cipherList>

Localhost is running a simple HTTPS web-server that is configured with a restricted list of ciphers and responds with an integer.

For example, the webserver could be configured with

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384

And ClickHouse with

PSK-AES128-CBC-SHA

• Queries to run that lead to slow performance

One example:

echo -e "SELECT * FROM url('https://127.0.0.1:5001/data', 'CSV') FORMAT CSV" | clickhouse client -n 2>&1

This responds with an error message in about 30 seconds.

The effect can also be observed when selecting from a dictionary with a URL source.

Expected performance I expect similar response times to previous versions. 24.2 and 23.8 work as expected and respond with an error in under 60ms

[strtgbb]

Potentially related https://github.com/ClickHouse/ClickHouse/issues/66656 https://github.com/ClickHouse/ClickHouse/issues/65996