[rabbitmq-discuss] More about SSL_TIMEOUT
Dmitry Andrianov
dmitry.andrianov at alertme.com
Mon Jun 9 17:15:29 BST 2014
[Michael Klishin suggested me to post the issue in a new thread in order
for it to be reviewed properly for possible inclusion in your issue tracker]
So to remind. the issue is Rabbit MQ Java client failing to connect to
the server (with "connection reset").
The problem is there because Rabbit MQ server kills inbound connection
should SSL handshake not finish in 5 seconds.
I first experienced the issue in the network where something was not
quite right with DNS server - I found that when establishing SSL
connection the Java client did a reverse lookup of IP address. (That
means the "forward" DNS lookup was already done and IP address resolved
from the server name, TCP connection was already established to that IP
and only then Java SSL code started reverse lookup).
When that reverse DNS lookup takes more than 5 sec, Rabbit MQ server
kills the connection. And even though we retry 30 seconds later - it is
not going to improve so process repeats.
Since that first time, I saw this problem multiple times on other
networks. The solution each time was to manually hack /etc/hosts file to
put there the IP address with arbitrary name. This makes that IP to name
translation quick and connection succeeds. This is obviously a
workaround, not a solution.
IIRC, that reverse lookup was done by standard Java SSL support, not
Rabbit MQ client library so it is not a Rabbit MQ bug technically. I do
not know why Java SSL code does that lookup but it did not seem easy how
to avoid it.
So for me the solution would be to increase the timeout to 10 sec
minimum or, probably better, make it configurable.
Many thanks
This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.
AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.
More information about the rabbitmq-discuss
mailing list