Comments (9)
Captured also list of client connections with netstat:
$ while true; do netstat -anp | grep "$(pgrep java | tail -n1)/java"; sleep 1; done
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 172.25.75.3:40586 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40346 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40316 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40450 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50142 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40658 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40498 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40512 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40404 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40308 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50156 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50108 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40466 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40294 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40318 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50122 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40602 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40330 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40630 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40416 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40344 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40520 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40434 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40612 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40456 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40418 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40280 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40544 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40600 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40626 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40288 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40650 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40354 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40302 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40482 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40474 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40432 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40360 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50120 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40324 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40572 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40412 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40368 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40238 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40560 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40400 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40378 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40642 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40532 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50164 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40252 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50134 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40264 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40646 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40392 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50094 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40574 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40230 172.67.72.249:443 ESTABLISHED 109768/java
unix 2 [ ] STREAM CONNECTED 798347 109768/java
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 172.25.75.3:40586 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40346 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40680 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40316 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40450 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50142 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40658 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40498 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40512 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40404 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40308 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50156 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50108 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40466 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40294 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40318 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50122 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40602 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40330 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40630 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40416 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40344 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40520 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40434 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40612 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40676 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40456 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40418 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40280 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40544 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40682 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40600 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40626 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40288 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40650 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40694 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40354 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40664 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40302 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40482 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40474 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40432 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40360 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50120 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40324 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40572 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40688 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40412 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40368 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40238 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40560 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40400 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40378 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40642 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40532 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50164 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40252 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50134 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40264 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40646 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40392 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:50094 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40686 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40574 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40230 172.67.72.249:443 ESTABLISHED 109768/java
unix 2 [ ] STREAM CONNECTED 798347 109768/java
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 172.25.75.3:40586 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40680 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40450 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40658 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40712 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40498 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40512 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40466 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40602 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40630 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40520 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40612 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40676 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40456 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40740 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40544 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40682 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40600 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40626 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40742 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40710 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40650 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40694 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40664 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40728 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40482 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40474 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 111 172.25.75.3:40760 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40572 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40688 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40750 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40738 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40560 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40642 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40532 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40646 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40686 172.67.72.249:443 ESTABLISHED 109768/java
tcp6 0 0 172.25.75.3:40574 172.67.72.249:443 ESTABLISHED 109768/java
...................................................................................
...................................................................................
from jersey.
This sounds like a problem with the certificate, or the SSL version. The JDK 21 release notes says:
security-libs/javax.net.ssl
➜ The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit (JDK-8301700)
The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.
As a workaround, users can revert to the previous size by setting the jdk.tls.ephemeralDHKeySize system property to 1024 (at their own risk).
This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.
from jersey.
The issue happens during the SSL connection handshake, there could be some difference between the server and client settings.
You can use -Djavax.net.debug=all -Dssl.debug=true
Java options to debug.
from jersey.
I have the impression that the error I get from running the program is just part of a bigger issue. I'm more worried what I observe about open connections by the process. Also note, clearly this has little to do with JDK itself, issue starts manifesting when changing Jersey libraries from 2.40
to >=2.41
.
from jersey.
For Jersey 2.43 when I enabled -Djavax.net.debug=all
to test, I can see that for each of the POST requests from the program's loop new connection is getting open and SSL protocol negotiation occurs, which explains why execution takes significantly more time. Initially open connections get "abandoned" and would stale after a while, producing this kind of output:
javax.net.ssl|WARNING|02|Keep-Alive-Timer|2024-05-23 16:51:29.122 CEST|SSLSocketImpl.java:1220|input stream close depletion failed (
"throwable" : {
java.net.SocketTimeoutException: Read timed out
at java.base/sun.nio.ch.NioSocketImpl.timedRead(NioSocketImpl.java:278)
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:304)
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:346)
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:796)
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:1099)
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:1093)
at java.base/sun.security.ssl.SSLSocketInputRecord.deplete(SSLSocketInputRecord.java:509)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.readLockedDeplete(SSLSocketImpl.java:1216)
at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.deplete(SSLSocketImpl.java:1191)
at java.base/sun.security.ssl.SSLSocketImpl.bruteForceCloseInput(SSLSocketImpl.java:808)
at java.base/sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:664)
at java.base/sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:584)
at java.base/sun.net.www.http.HttpClient.closeServer(HttpClient.java:1139)
at java.base/sun.net.www.protocol.https.HttpsClient.closeServer(HttpsClient.java:442)
at java.base/sun.net.www.http.KeepAliveCache.run(KeepAliveCache.java:282)
at java.base/java.lang.Thread.run(Thread.java:1583)
at java.base/jdk.internal.misc.InnocuousThread.run(InnocuousThread.java:186)}
)
javax.net.ssl|DEBUG|02|Keep-Alive-Timer|2024-05-23 16:51:29.122 CEST|SSLSocketImpl.java:1775|close the SSL connection (passive)
javax.net.ssl|DEBUG|02|Keep-Alive-Timer|2024-05-23 16:51:29.122 CEST|SSLSocketImpl.java:577|duplex close of SSLSocket
With Jersey 2.40 this doesn't happen. For program one connection is open and reused for consequent requests execution, protocol negotiation occurs once before first request as expected. Is there anything changed in connections management with HttpUrlConnection after 2.40? Why would every time to make a request the new connection is needed, is that anticipated by the implementation for e.g. pooling?
from jersey.
There was quite some changes around SSL configuration and HttpUrlConnector happening in this commit: 73bdf5f
Not sure how to validate if that changeset introduced a problem with connections and open sockets that I observe.
from jersey.
Related Issues (20)
- Inquiry about Jersey Project Licensing and Third-Party Content Usage HOT 7
- jersey 3.1 default exception mapper message interferes with setStatusOverSendError=true
- [Feature request] Configuration options for multipart requests (Jersey 3.1.x) HOT 8
- `UriRoutingContext` may not log tracing events
- Each HTTP request unnecessarily starts a new thread, resource leak. HOT 6
- HttpUrlConnector to support domain fronting HOT 2
- Jersey 3.1.6 release HOT 2
- Jersey 3.0.x has no working provider that support Java 17, PATCH, and multipart attachments HOT 3
- JdkConnector does not properly cleanup ERROR state connections HOT 3
- NettyConnector does not respect timeouts HOT 7
- CVE-2023-4043 for jersey-media-json-binding dependency (parsson-1.1.1) HOT 2
- Injection error when using a `DynamicFeature` HOT 3
- Possible NPE in RequestContextFilter when other Filters prioritized
- Carrier Thread pinning on stack CommittingOutputStream.flushBuffer() HOT 9
- Jersey 3.1.7 release HOT 5
- Jersey 3.1.6 not closing request on Jetty earlyEOF HOT 3
- Connection is not stable (wrong detection if SSL context is configured) HOT 1
- Preserve whitespace in Content-Type header HOT 5
- What is the difference between jersey2.x, jersey 3.x and jersey4.x and which one is recommended? HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jersey.