Tracker API: Add a timeout to the TLS handshake, waiting for headers, and waiting for receiving headers

[josecelano]

Parent issue: https://github.com/torrust/torrust-tracker/issues/603

Related to:

• https://github.com/programatik29/axum-server/issues/116
• https://github.com/torrust/torrust-tracker/issues/612
• https://github.com/torrust/torrust-tracker/issues/613
• https://github.com/tokio-rs/axum/discussions/1383
• https://github.com/hyperium/hyper/issues/3178
• https://docs.rs/actix-web/latest/actix_web/struct.HttpServer.html#method.client_request_timeout
• https://docs.rs/actix-web/latest/actix_web/struct.HttpServer.html#method.tls_handshake_timeout
• https://gist.github.com/programatik29/36d371c657392fd7f322e7342957b6d1

Adds a timeout to:

• The TLS handshake.
• The time the server waits for a request after opening a connection.
• The time waiting for the client to send the headers after starting sending them.

Recently we moved to axum-server and it allows setting TLS handshake timeout.

[josecelano]

I've opened a new issue on the axum-server repo: https://github.com/programatik29/axum-server/issues/116. It seems that feature was removed.

[josecelano]

I've also opened a discussion in the Actix-Web repo: https://github.com/actix/actix-web/discussions/3337

[josecelano]

I guess we can implement what I did here. That patch adds the timeout, but it does not send a 408 response to the client. Anyway, I think there is no other choice in this case.

[josecelano]

The TimeoutAcceptor I used to fix this issue does not work with TSL. See https://github.com/torrust/torrust-index/pull/584#issuecomment-2115499282. We have to remove it from the Axum server bootstrapping code for TSL, which means there is no timeout for TSL again until we find another solution, which makes it insecure again to use your own TSL configuration.

[josecelano]

I've converted the discussion in the Axun repo into a issue: https://github.com/tokio-rs/axum/issues/2741

[josecelano]

A PR has been merged in the hyper repo. It changes the http1_header_read_timeout timeout.

This could fix this issue. We can try when this change is published in a new release.

[josecelano]

A PR has been merged in the hyper repo. It changes the http1_header_read_timeout timeout.

This could fix this issue. We can try when this change is published in a new release.

hyper 1.4.0 has been released with server starting header read timeout immediately (#3185) (0eb1b6cf)

• https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v140-2024-07-01
• https://github.com/torrust/torrust-tracker/pull/945

[josecelano]

We are already using hyper 1.4.0 but it seems it does not solve the problem. We still need the custom TimeAcceptor which is only working when TSL is not enabled.

[josecelano]

I've reopened the issue https://github.com/torrust/torrust-tracker/issues/324 to avoid duplicated comments on:

• https://github.com/torrust/torrust-tracker/issues/612
• https://github.com/torrust/torrust-tracker/issues/613