New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLEngine closed already; nested exception is io.netty.handler.ssl.SslClosedEngineException #2509
Comments
@anmol1vw13 As @pderop wrote in his comment #2499 (comment) please upgrade to the latest released versions for Reactor/Spring |
I've enabled debug logs and here's my observation. Things work fine, if there's continuous traffic. But once there's a complete halt i.e. the API calls using netty is not being made, I see the following log
All the subsequent requests fail thereafter. When does this USER_EVENT, SslCloseCompletionEvent get fired and how do I auto recover the connection, when the next request comes through? |
@violetagg Updating spring to the latest version is not an option at the moment. There could be a lot of breaking changes. It would be great if you could help out with |
@anmol1vw13 That's unfortunate ... you are missing an important fix in |
@anmol1vw13 May be as a workaround for your case (as you cannot upgrade) you can configure |
@violetagg I found a patch version of spring-boot-starter-webflux
This doesn't seem to work though because after a few minutes of inactivity I still see the SslCloseCompletionEvent in the logs, after which all the subsequent request fail with SslClosedEngineException. Can you help me understanding when and why does SslCloseCompletionEvent occur? I mean even if the SSLEngine gets closed, how can we recover when the next external API call happens? |
Setting maxIdleTime got things working. This exercise also helped me gain a lot of understanding on how reactor-netty-http works. It's a beast and does a lot of things to ensure the requests are quick. @violetagg Instead of using environment variables, I'm using a ConnectionProvider as shown below. Please let me know if this is the right way to set it or if I need to change anything.
|
@anmol1vw13 Yes that's the correct way of configuring the connection pool. You may want to configure max connections because with the configuration above you will have only 16 connections. Please check the documentation for more information https://projectreactor.io/docs/netty/release/reference/index.html#_connection_pool_2 |
@violetagg How about I use this configuration, as mentioned in the document!
Can you explain what pending acquire timeout means? |
@anmol1vw13 This is just an example, you have to test the configuration with your solution and to see which settings are more appropriate for your use case.
If there is no free connection in the pool, this is the time that we will wait for a connection to become free. |
Hi, We are about to merge the #2518 PR, which may avoid the "SSLEngine closed already" exception in your case. However, using the PR, if the server closes the connection while the client is currently writing a request to the connection, or is currently waiting for the response, then the client will get a PrematureCloseException or an AbortedException (this we can't avoid). |
#2518) When a TLS close_notify is received and when the close_notify ack is replied, then the Netty SslHandler just does not close the channel. Instead of that, in that case it fires a SslCloseCompletionEvent.SUCCESS event down the pipeline, and the closing of the channel is left to other handlers. And since the TLS RFC states that the party receiving a close_notify MUST respond with a close_notify alert of its own and close down the connection immediately, let's do this in Reactor-Netty. This patch won't avoid AbortedExceptions or PrematureCloseException exceptions in case a close_notify is being received while a request is being written, or while a response is waited for, but it may address some of the pain highlighted by #2498, #2499, and #2509; and may avoid SslClosedEngineException: SSLEngine closed already " exceptions.
I'm facing the following SSLEngine issue with negligible load.
The connection observed an error io.netty.handler.ssl.SslClosedEngineException: SSLEngine closed already
Stack:
spring-boot-starter-parent 2.5.6
spring-boot-starter-webflux 2.5.6
Here's the trace
The web client bean that is used is as shown below
A sample API call using webclient
Dependency tree
The text was updated successfully, but these errors were encountered: