[rabbitmq-discuss] SSL_TIMEOUT

Matthias Radestock matthias at rabbitmq.com
Wed Sep 18 11:15:22 BST 2013


On 18/09/13 11:04, Dmitry Andrianov wrote:
> We are experiencing troubles with Java clients connecting to Rabbit over
> SSL. Two problems caused by the very same issue:
> * When DNS server takes more than 5 seconds in reverse resolving IP
> address back to name, Rabbit aborts the connection. I assume Java SSL
> layer does that lookup AFTER the TCP connection is already established
> in order to decide which client certificate to provide.
> * When Java client is running on a limited processing power hardware, it
> again takes it more than 5 seconds to finish the SSL handshake and
> again, Rabbit server resets the connection.
>
> I saw that reply from Emile which states SSL_TIMEOUT is not configurable
> http://rabbitmq.1065348.n5.nabble.com/Request-Handshake-Timeout-Increase-tt11342.html#a11346
>
> And as I see in the sources, nothing has changed since then.
>
> So my question is - do you have any plans for fixing it in the near future?

We have no immediate plans of making the timeout configurable. That's 
not to say we won't.

> Are there any options we can modify it at runtime without rebuilding
> Rabbit?

Nope.

> Timeout of 5s is just too short really.

5 seconds is a loooooong time. I suggest you look into why DNS queries 
are taking so long in your set up.

Matthias.


More information about the rabbitmq-discuss mailing list