Jetty Http2 Client SSL connection timeout

Question

Setup: Spring Boot 1.4.1

Maven dependencies:

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty.http2</groupId>
        <artifactId>http2-client</artifactId>
        <version>9.4.6.v20170531</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-io</artifactId>
        <version>9.4.6.v20170531</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-util</artifactId>
        <version>9.4.6.v20170531</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-http</artifactId>
        <version>9.4.6.v20170531</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-http</artifactId>
        <version>9.4.6.v20170531</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty</groupId>
        <artifactId>jetty-alpn-client</artifactId>
        <version>9.4.6.v20170531</version>
    </dependency>
    <dependency>
        <groupId>org.eclipse.jetty.alpn</groupId>
        <artifactId>alpn-api</artifactId>
        <version>1.1.3.v20160715</version>
    </dependency>

The SSL Factory:

public static SslContextFactory createSslContextFactory(String trustKeyStorePath, String trustKeyStorePass, String keyStorePath, String keyStorePass, String keyManagerPass) throws Exception {
//      logger.info("Creating SSL factory");
        System.out.println("Creating SSL factory");
        SslContextFactory sslContextFactory = new SslContextFactory(true);
        try (FileInputStream trustKeyStoreStream = new FileInputStream(trustKeyStorePath);
                FileInputStream keyStoreStream = new FileInputStream(keyStorePath)) {
            KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            truststore.load(trustKeyStoreStream, trustKeyStorePass.toCharArray());
            keystore.load(keyStoreStream, keyStorePass.toCharArray());
            sslContextFactory.setTrustAll(false);
            sslContextFactory.setTrustStore(truststore);
            sslContextFactory.setKeyStore(keystore);
            sslContextFactory.setKeyManagerPassword(keyManagerPass);

        } catch (KeyStoreException e) {
//          logger.error("Keystore error", e);
            e.printStackTrace();
            throw e;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
//          logger.error("Key loading error", e);
            e.printStackTrace();
            throw e;
        }
        return sslContextFactory;
    }

The connection snippet:

this.client = new HTTP2Client();
            client.setIdleTimeout(-1);//disable client session timeout
            try {
                client.addBean(this.sslContextFactory);
                client.start();
                System.out.println("Connecting on " + this.host + ":" + this.port);
                FuturePromise<Session> sessionPromise = new FuturePromise<>();
                client.connect(sslContextFactory, new InetSocketAddress(this.host, this.port), new NEADSessionListener(clientInstanceName, this), sessionPromise);
                this.session = sessionPromise.get(5, TimeUnit.SECONDS);
            } catch (...) {

I am running using

-Xbootclasspath/p:/path/to/alpn-boot-8.1.10.v20161026.jar

which is the appropriate version for my JVM.

The result is

java.util.concurrent.TimeoutException
        at org.eclipse.jetty.util.FuturePromise.get(FuturePromise.java:130)

Setting the jetty logger on debug didn't help much, the last logged items are:

2017-07-21 04:44:51.483 DEBUG 18323 --- [tp1224347463-26] org.eclipse.jetty.io.FillInterest        : FillInterest@673fa7d3{true,SSLC.NBReadCB@29ab178d{SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e<-SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=0/-1}{io=0/0,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e}} register SSLC.NBReadCB@29ab178d{SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e<-SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=0/-1}{io=0/0,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e}
2017-07-21 04:44:51.483 DEBUG 18323 --- [tp1224347463-26] org.eclipse.jetty.io.ChannelEndPoint     : changeInterests p=false 0->1 for SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=0/-1}{io=0/1,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-26] org.eclipse.jetty.io.ManagedSelector     : Queued change CEP:SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=0/-1}{io=0/1,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e:runUpdateKey:NON_BLOCKING on org.eclipse.jetty.io.ManagedSelector@1ed1993a id=0 keys=1 selected=0
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-29] org.eclipse.jetty.io.ManagedSelector     : Selector loop woken up from select, 0/1 selected
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-26] org.eclipse.jetty.io.ssl.SslConnection   : onFillable exit DecryptedEndPoint@51fd3eea{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=1/-1}->ALPNClientConnection@474a457e->SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=1/-1}{io=0/1,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-29] org.eclipse.jetty.io.ManagedSelector     : Running action CEP:SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=1/-1}{io=0/1,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e:runUpdateKey:NON_BLOCKING
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-26] o.e.j.u.t.Invocable$InvocableExecutor    : org.eclipse.jetty.util.thread.Invocable$InvocableExecutor@5b99f42f invoked CEP:SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=1/-1}{io=0/1,kio=0,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e:runFillable:BLOCKING
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-26] o.e.j.u.thread.strategy.EatWhatYouKill   : EatWhatYouKill@1f3f4916/org.eclipse.jetty.io.ManagedSelector$SelectorProducer@794cb805/PRODUCING/1/1 produce exit
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-29] org.eclipse.jetty.io.ChannelEndPoint     : Key interests updated 0 -> 1 on SocketChannelEndPoint@390cc1df{nead.2.addr/10.203.6.184:9443<->/192.168.111.11:41652,OPEN,fill=FI,flush=-,to=1/-1}{io=1/1,kio=1,kro=1}->SslConnection@29ab178d{NOT_HANDSHAKING,eio=-1/-1,di=-1}=>ALPNClientConnection@474a457e
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-26] o.e.jetty.util.thread.QueuedThreadPool   : ran EatWhatYouKill@1f3f4916/org.eclipse.jetty.io.ManagedSelector$SelectorProducer@794cb805/PRODUCING/1/1
2017-07-21 04:44:51.484 DEBUG 18323 --- [tp1224347463-29] org.eclipse.jetty.io.ManagedSelector     : Selector loop waiting on select

Note that the connection to the same server, using the same keys, is working from another software.

There is not enough information. Is the server correctly configured to run HTTP/2 ? If you can easily reproduce, can you please open an issue at https://github.com/eclipse/jetty.project/issues and attach a reproducible test case ? Thanks ! — sbordet, Jul 24 '17 at 14:38
Thanks. Figured out eventually that it was just the way we loaded the project. The IDE was adding -Xbootclasspath at the end instead of before -jar .... It would be nice though if the error thrown by the client was a little more specific, since, obviously, it was unable to negotiate the connection in the absence of ALPN. — Deroude, Jul 26 '17 at 08:45

score 0 · Answer 1 · answered Jul 26 '17 at 08:40

0

Turns out that the order of Java switches was the cause of the issue -- more specifically, -Xbootclasspath/p:/path/to/alpn-boot-8.1.10.v20161026.jar needs to go before anything else, definitely before -jar program.jar.

answered Jul 26 '17 at 08:40

Deroude

909
6
22

Jetty Http2 Client SSL connection timeout

1 Answers1