We encountered a timeout issue with the TLS handshake when connecting to TPP. After adjusting some timeout values in tpp.go, we successfully established a connection. However, the current default settings might be too low for certain environments. Could we consider increasing the default values or making TCP/TLS timeouts configurable?
PROBLEM SUMMARY
With a complex network, a TCP/TLS timeout may occur.
STEPS TO REPRODUCE
Not trivial to reproduce, as it requires an environment with similar latency.
EXPECTED RESULTS
vcert is able to connect to TPP
ACTUAL RESULTS
Error messages:
net/http: TLS handshake timeout
after increasing TLSHandshakeTimeout to 60 seconds error changed to:
context deadline exceeded (Client.Timeout exceeded while awaiting headers)
(still timeout)
ENVIRONMENT DETAILS
Issue occurs with vcert 5.7 and TPP.
COMMENTS/WORKAROUNDS
Here's the updated code that increased the timeout to 60s, which was sufficient in this particular case.
file: tpp.go

```go
// Excerpt from tpp.go: the package clause, imports (crypto/tls, net,
// net/http, time) and the Connector type are unchanged and not shown.
func (c *Connector) getHTTPClient() *http.Client {
	if c.client != nil {
		return c.client
	}

	var netTransport = &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			Timeout:   60 * time.Second,
			KeepAlive: 60 * time.Second,
			DualStack: true,
		}).DialContext,
		//MaxIdleConns:          100,
		//IdleConnTimeout:       90 * time.Second,
		//TLSHandshakeTimeout:   60 * time.Second,
		//ExpectContinueTimeout: 1 * time.Second,
		//ResponseHeaderTimeout: 60 * time.Second,
	}
	tlsConfig := http.DefaultTransport.(*http.Transport).TLSClientConfig /* #nosec */
	if c.trust != nil {
		if tlsConfig == nil {
			tlsConfig = &tls.Config{
				MinVersion: tls.VersionTLS12,
			}
		} else {
			tlsConfig = tlsConfig.Clone()
		}
		tlsConfig.RootCAs = c.trust
	}
	netTransport.TLSClientConfig = tlsConfig

	c.client = &http.Client{
		Timeout:   time.Second * 60,
		Transport: netTransport,
	}
	return c.client
}
```
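The request above is for configurable timeouts. The following is an added example of how such a client could be built; it is not vcert's code. The `TimeoutConfig` type, the `VCERT_*_TIMEOUT` environment variable names and the default values are assumptions for this example (the dial and handshake defaults mirror Go's `http.DefaultTransport`). Its `Validate` check addresses the second error seen in the report: raising `TLSHandshakeTimeout` alone does nothing when `http.Client.Timeout` is still the shorter limit, because `Client.Timeout` bounds the whole request (dial, handshake, headers and body) and cancels it first with "context deadline exceeded (Client.Timeout exceeded while awaiting headers)".

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"os"
	"strconv"
	"time"
)

// TimeoutConfig groups the per-phase limits the issue asks to make configurable.
// A zero field falls back to the default below. Hypothetical type for this
// example; vcert has no such struct.
type TimeoutConfig struct {
	Dial           time.Duration // TCP connect: net.Dialer.Timeout
	TLSHandshake   time.Duration // http.Transport.TLSHandshakeTimeout
	ResponseHeader time.Duration // http.Transport.ResponseHeaderTimeout
	Overall        time.Duration // http.Client.Timeout: every phase, end to end
}

// Assumed defaults: Dial and TLSHandshake mirror http.DefaultTransport,
// the other two are illustrative values.
const (
	defaultDial           = 30 * time.Second
	defaultTLSHandshake   = 10 * time.Second
	defaultResponseHeader = 30 * time.Second
	defaultOverall        = 30 * time.Second
)

// parseTimeout accepts a Go duration ("60s", "2m") or bare seconds ("60").
// Empty, unparsable or non-positive input yields the fallback.
func parseTimeout(value string, fallback time.Duration) time.Duration {
	if d, err := time.ParseDuration(value); err == nil && d > 0 {
		return d
	}
	if secs, err := strconv.Atoi(value); err == nil && secs > 0 {
		return time.Duration(secs) * time.Second
	}
	return fallback
}

// ConfigFromEnv reads overrides from the environment. The variable names are
// assumptions for this example, not settings vcert recognises.
func ConfigFromEnv() TimeoutConfig {
	return TimeoutConfig{
		Dial:           parseTimeout(os.Getenv("VCERT_DIAL_TIMEOUT"), defaultDial),
		TLSHandshake:   parseTimeout(os.Getenv("VCERT_TLS_HANDSHAKE_TIMEOUT"), defaultTLSHandshake),
		ResponseHeader: parseTimeout(os.Getenv("VCERT_RESPONSE_HEADER_TIMEOUT"), defaultResponseHeader),
		Overall:        parseTimeout(os.Getenv("VCERT_HTTP_TIMEOUT"), defaultOverall),
	}
}

func (t TimeoutConfig) withDefaults() TimeoutConfig {
	pick := func(v, def time.Duration) time.Duration {
		if v <= 0 {
			return def
		}
		return v
	}
	return TimeoutConfig{
		Dial:           pick(t.Dial, defaultDial),
		TLSHandshake:   pick(t.TLSHandshake, defaultTLSHandshake),
		ResponseHeader: pick(t.ResponseHeader, defaultResponseHeader),
		Overall:        pick(t.Overall, defaultOverall),
	}
}

// Validate rejects a per-phase limit larger than Client.Timeout: such a limit
// can never take effect because the overall timeout cancels the request first.
func (t TimeoutConfig) Validate() error {
	t = t.withDefaults()
	phases := []struct {
		name string
		d    time.Duration
	}{{"dial", t.Dial}, {"tls-handshake", t.TLSHandshake}, {"response-header", t.ResponseHeader}}
	for _, p := range phases {
		if p.d > t.Overall {
			return fmt.Errorf("%s timeout %s exceeds overall Client.Timeout %s; raise the overall timeout as well", p.name, p.d, t.Overall)
		}
	}
	return nil
}

// NewHTTPClient builds a client with every phase bounded by the config.
// rootCAs may be nil to use the system trust store.
func NewHTTPClient(t TimeoutConfig, rootCAs *x509.CertPool) *http.Client {
	t = t.withDefaults()
	transport := &http.Transport{
		Proxy:                 http.ProxyFromEnvironment,
		DialContext:           (&net.Dialer{Timeout: t.Dial, KeepAlive: 30 * time.Second}).DialContext,
		TLSHandshakeTimeout:   t.TLSHandshake,
		ResponseHeaderTimeout: t.ResponseHeader,
		ExpectContinueTimeout: 1 * time.Second,
		MaxIdleConns:          100,
		IdleConnTimeout:       90 * time.Second,
		// keep the TLS 1.2 floor the original tpp.go code sets
		TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: rootCAs},
	}
	return &http.Client{Timeout: t.Overall, Transport: transport}
}

func main() {
	cfg := ConfigFromEnv()
	if err := cfg.Validate(); err != nil {
		fmt.Println("warning:", err)
	}
	c := NewHTTPClient(cfg, nil)
	tr := c.Transport.(*http.Transport)
	fmt.Printf("overall=%s dial=%s handshake=%s headers=%s\n",
		c.Timeout, cfg.withDefaults().Dial, tr.TLSHandshakeTimeout, tr.ResponseHeaderTimeout)
}
```

With the hypothetical variables, `VCERT_TLS_HANDSHAKE_TIMEOUT=60s` alone prints a warning, since the 30s overall limit would still fire first; setting `VCERT_HTTP_TIMEOUT=120s` as well makes the configuration consistent.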