
How to set up a timeout for TLS handshake

Open josecelano opened this issue 1 year ago • 10 comments

Relates to:

  • https://github.com/programatik29/axum-server/pull/39
  • https://github.com/programatik29/axum-server/issues/29#issuecomment-1997294299

I'm using axum-server in a couple of projects and I would like to add a timeout for the TLS handshake.

I've seen that that feature was added here: https://github.com/programatik29/axum-server/pull/39. However, it seems the AddrIncomingConfig was removed. I don't see any example or documentation to set the tcp_keepalive duration in the latest version. Was that feature removed @programatik29?

Originally posted by @josecelano in https://github.com/programatik29/axum-server/issues/29#issuecomment-1997294299

josecelano avatar Apr 08 '24 16:04 josecelano

It seems it was removed on the migration to Hyper 1.0.

josecelano avatar Apr 16 '24 15:04 josecelano

I'm trying to determine how to set the timeout with the new version. It seems Hyper 1.0 supports adding the timeout.

I have been able to make at least Hyper panic with:

let mut server = axum_server::from_tcp(socket);
server.http_builder().http1().header_read_timeout(Duration::from_secs(5));
server.http_builder().http2().keep_alive_timeout(Duration::from_secs(5));

server
    .handle(handle)
    .serve(router.into_make_service_with_connect_info::<std::net::SocketAddr>())
    .await
    .expect("Axum server crashed.")

The panic message:

thread 'tokio-runtime-worker' panicked at /home/josecelano/.cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.2.0/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I guess there is still something missing. I would appreciate an example of how you can set it up. In the meantime, I will keep trying. If I find the solution, I will open a PR with a new example.

cc @programatik29 @abs0luty

josecelano avatar Apr 16 '24 17:04 josecelano

I've managed to remove the panic with the following:

let mut server = axum_server::from_tcp(socket);

server.http_builder().http1().timer(TokioTimer::new());
server.http_builder().http1().header_read_timeout(Duration::from_secs(5));
server.http_builder().http2().keep_alive_timeout(Duration::from_secs(5));

server
    .handle(handle)
    .serve(router.into_make_service_with_connect_info::<std::net::SocketAddr>())
    .await
    .expect("Axum server crashed.")

But it's not working.

josecelano avatar Apr 16 '24 17:04 josecelano

I have created an example here:

https://github.com/josecelano/axum-server-timeout

I've only been able to set a timeout for sending the headers with header_read_timeout. But I want the server to close the connection if the client does not send any requests.

josecelano avatar Apr 17 '24 11:04 josecelano

Related to: https://github.com/torrust/torrust-tracker/issues/324#issuecomment-1548360076

josecelano avatar Apr 17 '24 11:04 josecelano

I've updated the example with @programatik29's patch. It works partially because it closes the connection, but it does not return a 408 Request Timeout like ActixWeb.

josecelano avatar Apr 18 '24 15:04 josecelano

Relates to: https://github.com/tokio-rs/axum/issues/2741#issuecomment-2211117776

josecelano avatar Jul 05 '24 16:07 josecelano

There is a new hyper version 1.4.0 which changes the header_read_timeout.

josecelano avatar Jul 05 '24 16:07 josecelano

The TLS handshake timeout for bind_rustls still exists but is always 10s: https://github.com/programatik29/axum-server/blob/f657a97d4b9dfa0a014b741c975ab1f19fc18909/src/tls_rustls/mod.rs#L101-L102

AddrIncomingConfig, now removed, was a completely separate PR

finnbear avatar Aug 18 '24 18:08 finnbear

> The TLS handshake timeout for bind_rustls still exists but is always 10s:
>
> https://github.com/programatik29/axum-server/blob/f657a97d4b9dfa0a014b741c975ab1f19fc18909/src/tls_rustls/mod.rs#L101-L102
>
> AddrIncomingConfig, now removed, was a completely separate PR

Hi @finnbear, thank you for your feedback. In the end, it was not precisely the handshake timeout that I was trying to find. I want to set a timeout for the time the server waits after opening a connection for the first request to come. I implemented this example to reproduce what I want to achieve:

https://github.com/josecelano/axum-server-timeout

josecelano avatar Aug 19 '24 09:08 josecelano
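
The behaviour asked for in the last comment (close a connection whose first request never arrives, and answer 408 Request Timeout first) sketched with the Rust standard library only. This is an added example, not code from the thread and not axum-server or hyper API; `handle`, `spawn_server`, `probe` and the 300 ms limit are assumptions made for illustration.

```rust
use std::io::{ErrorKind, Read, Write};
use std::net::{SocketAddr, TcpListener, TcpStream};
use std::thread;
use std::time::{Duration, Instant};
// Added example, std only: names and the 300 ms limit are illustrative, not axum-server API.
const R408: &[u8] = b"HTTP/1.1 408 Request Timeout\r\nContent-Length: 0\r\nConnection: close\r\n\r\n";
const R200: &[u8] = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok";

/// Give the client `limit` in total to send a full request head, else answer 408 and close.
fn handle(mut conn: TcpStream, limit: Duration) -> std::io::Result<()> {
    let deadline = Instant::now() + limit;
    let (mut head, mut buf) = (Vec::<u8>::new(), [0u8; 1024]);
    while !head.windows(4).any(|w| w == b"\r\n\r\n") {
        // Read timeout = time left to a fixed deadline, so trickled bytes cannot extend it.
        let left = deadline.saturating_duration_since(Instant::now());
        if left.is_zero() { return conn.write_all(R408); }
        conn.set_read_timeout(Some(left))?;
        match conn.read(&mut buf) {
            Ok(0) => return Ok(()), // peer closed before sending a full head
            Ok(n) => head.extend_from_slice(&buf[..n]),
            Err(e) if matches!(e.kind(), ErrorKind::WouldBlock | ErrorKind::TimedOut) => return conn.write_all(R408),
            Err(e) => return Err(e),
        }
    }
    conn.write_all(R200)
}

/// Serve on an ephemeral loopback port, one thread per connection.
fn spawn_server(limit: Duration) -> std::io::Result<SocketAddr> {
    let listener = TcpListener::bind("127.0.0.1:0")?;
    let addr = listener.local_addr()?;
    thread::spawn(move || for conn in listener.incoming().flatten() {
        thread::spawn(move || { let _ = handle(conn, limit); });
    });
    Ok(addr)
}

/// Constructed client: send `request` (possibly empty) and return the status line received.
fn probe(addr: SocketAddr, request: &[u8]) -> std::io::Result<String> {
    let (mut c, mut resp) = (TcpStream::connect(addr)?, String::new());
    c.write_all(request)?;
    c.read_to_string(&mut resp)?;
    Ok(resp.lines().next().unwrap_or("").to_string())
}

fn main() {
    let addr = spawn_server(Duration::from_millis(300)).unwrap();
    println!("silent client: {}", probe(addr, b"").unwrap());
    println!("prompt client: {}", probe(addr, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n").unwrap());
}
```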