Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

net/http: TLS handshake timeout #502

Open sabixx opened 1 month ago

sabixx commented 1 month ago

We encountered a timeout issue with the TLS handshake when connecting to TPP. After adjusting some timeout values in tpp.go, we successfully established a connection. However, the current default settings might be too low for certain environments. Could we consider increasing the default values or making TCP/TLS timeouts configurable?

PROBLEM SUMMARY With a complex network, a TCP/TLS timeout may occur.

STEPS TO REPRODUCE Not trivial to reproduce, as it requires an environment with similar latency.

EXPECTED RESULTS vcert is able to connect to TPP

ACTUAL RESULTS Error message: `net/http: TLS handshake timeout`. After increasing TLSHandshakeTimeout to 60 seconds, the error changed to: `context deadline exceeded (Client.Timeout exceeded while awaiting headers)` (still a timeout).

ENVIRONMENT DETAILS The issue occurs with vcert 5.7 and TPP.

COMMENTS/WORKAROUNDS Here's the updated code that increased the timeout to 60s, which was sufficient in this particular case.

file: tpp.go

```go
// Transport fields left commented out keep Go's zero value, which for
// TLSHandshakeTimeout and ResponseHeaderTimeout means no per-phase limit;
// only the dialer timeout and the overall http.Client.Timeout apply.
func (c *Connector) getHTTPClient() *http.Client {
	if c.client != nil {
		return c.client
	}
	var netTransport = &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			Timeout:   60 * time.Second,
			KeepAlive: 60 * time.Second,
			DualStack: true,
		}).DialContext,
		//MaxIdleConns:          100,
		//IdleConnTimeout:       90 * time.Second,
		//TLSHandshakeTimeout:   60 * time.Second,
		//ExpectContinueTimeout: 1 * time.Second,
		//ResponseHeaderTimeout: 60 * time.Second,
	}
	tlsConfig := http.DefaultTransport.(*http.Transport).TLSClientConfig
	/* #nosec */
	if c.trust != nil {
		if tlsConfig == nil {
			tlsConfig = &tls.Config{
				MinVersion: tls.VersionTLS12,
			}
		} else {
			tlsConfig = tlsConfig.Clone()
		}
		tlsConfig.RootCAs = c.trust
	}
	netTransport.TLSClientConfig = tlsConfig
	c.client = &http.Client{
		Timeout:   time.Second * 60,
		Transport: netTransport,
	}
	return c.client
}
```
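The two error strings in the report come from two different limits in net/http: `net/http: TLS handshake timeout` is `http.Transport.TLSHandshakeTimeout`, while `context deadline exceeded (Client.Timeout exceeded while awaiting headers)` is `http.Client.Timeout`, which caps the whole request (dial, handshake, headers and body together). The following is an added example, not vcert's code: it builds a client with each phase limit configurable, keeps certificate verification on with a caller-supplied root pool rather than `InsecureSkipVerify`, and reproduces both failure modes offline against constructed local servers so the error can be mapped back to the limit that needs raising. The `Timeouts`, `NewClient`, `Phase`, `StalledHandshake` and `SlowHeaders` names are assumptions for this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Timeouts groups the per-phase limits of one HTTPS request. The type and
// function names in this file are assumptions for the example, not vcert's API.
type Timeouts struct {
	Dial           time.Duration // TCP connect: net.Dialer.Timeout
	TLSHandshake   time.Duration // http.Transport.TLSHandshakeTimeout (0 = unlimited)
	ResponseHeader time.Duration // http.Transport.ResponseHeaderTimeout (0 = unlimited)
	Total          time.Duration // http.Client.Timeout: dial + handshake + headers + body
}

// NewClient builds a client with explicit per-phase timeouts. Verification stays
// on; a non-nil trust pool replaces the system roots instead of InsecureSkipVerify.
func NewClient(t Timeouts, trust *x509.CertPool) *http.Client {
	tr := &http.Transport{
		Proxy:                 http.ProxyFromEnvironment,
		DialContext:           (&net.Dialer{Timeout: t.Dial, KeepAlive: 30 * time.Second}).DialContext,
		TLSHandshakeTimeout:   t.TLSHandshake,
		ResponseHeaderTimeout: t.ResponseHeader,
		TLSClientConfig:       &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: trust},
	}
	return &http.Client{Timeout: t.Total, Transport: tr}
}

// Phase names the limit that fired, from the error text net/http produces.
func Phase(err error) string {
	if err == nil {
		return "ok"
	}
	msg := err.Error()
	switch {
	case strings.Contains(msg, "TLS handshake timeout"):
		return "tls-handshake" // raise TLSHandshakeTimeout
	case strings.Contains(msg, "Client.Timeout exceeded"):
		return "client-total" // raise http.Client.Timeout
	case strings.Contains(msg, "timeout awaiting response headers"):
		return "response-header" // raise ResponseHeaderTimeout
	case strings.Contains(msg, "i/o timeout"):
		return "dial-or-io" // raise net.Dialer.Timeout
	}
	return "other"
}

// StalledHandshake runs a constructed listener that accepts TCP but never
// answers the ClientHello, reproducing "net/http: TLS handshake timeout".
func StalledHandshake(handshake time.Duration) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	done := make(chan struct{})
	defer close(done)
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() { <-done; c.Close() }() // hold the socket open, send nothing
		}
	}()
	client := NewClient(Timeouts{Dial: time.Second, TLSHandshake: handshake, Total: 10 * time.Second}, nil)
	_, err = client.Get("https://" + ln.Addr().String())
	return err
}

// SlowHeaders runs a constructed TLS server whose handler stalls before writing
// headers: the handshake succeeds, the overall Client.Timeout budget does not.
func SlowHeaders(total time.Duration) error {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		select {
		case <-time.After(30 * time.Second):
		case <-r.Context().Done(): // client gave up and closed the connection
		}
	}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	client := NewClient(Timeouts{Dial: time.Second, TLSHandshake: 5 * time.Second, Total: total}, pool)
	_, err := client.Get(srv.URL)
	return err
}

func main() {
	fmt.Println("stalled handshake:", Phase(StalledHandshake(300*time.Millisecond)))
	fmt.Println("slow headers:     ", Phase(SlowHeaders(300*time.Millisecond)))
}
```

When the limits are made configurable, keep `Total` larger than the sum of the per-phase limits, otherwise `http.Client.Timeout` fires first and every slow phase reports as `Client.Timeout exceeded`, hiding which phase was actually slow. Raising timeouts does not weaken the TLS posture as long as `MinVersion` and `RootCAs` are left as above; what should not be done to "fix" a handshake timeout is to disable verification.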