tomcat-embed-core-8.5.4 our service use springboot '1.4.0.RELEASE' centos 6.5 SSL: server.ssl.key-store=classpath:cert/aaaaa.ca.pfx server.ssl.key-store-password=aaaaa server.ssl.keyStoreType=PKCS12 After start, then use shell : #!/usr/bin/bash while true ; do curl -k https://IP/app/current/queryCurrent.action echo "" done and exec the command : netstat -antp | grep CLOSE_WAIT tcp 0 0 ********::443 ********:45138 CLOSE_WAIT 21773/java tcp 0 0 ********::443 ********::44910 CLOSE_WAIT 21773/java tcp 0 0 ********::443 ********::44464 CLOSE_WAIT 21773/java tcp 0 0 ********::443 ********::45234 CLOSE_WAIT 21773/java tcp 0 0 ********::443 ********::43768 CLOSE_WAIT 21773/java tcp 0 0 ********::443 ********::44216 CLOSE_WAIT 21773/java ...... nondecreasing run without ssl no problem code line 1399 in org.apache.tomcat.util.net.NioEndpoint Using HTTP always get true and When CLOSE_WAIT appears always "handshake == SelectionKey.OP_READ" and never change(Even if the client is closed) These CLOSE_WAIT lived for more than 12 hours yet
*** This bug has been marked as a duplicate of bug 60035 ***
Thanks. Has been upgraded to 8.5.6 and the problem is solved
(In reply to Mark Thomas from comment #1) > > *** This bug has been marked as a duplicate of bug 60035 *** Thanks ,the problem is solved, but I don't think the relationship with r1746551 is direct I think the main solution to this problem is the following code org.apache.tomcat.util.net.NioEndpoint if (socket.isHandshakeComplete()) { // No TLS handshaking required. Let the handler // process this socket / event combination. handshake = 0; } else if (event == SocketEvent.STOP || event == SocketEvent.DISCONNECT || event == SocketEvent.ERROR) { // Unable to complete the TLS handshake. Treat it as // if the handshake failed. handshake = -1; } else { handshake = socket.handshake(key.isReadable(), key.isWritable()); // The handshake process reads/writes from/to the // socket. status may therefore be OPEN_WRITE once // the handshake completes. However, the handshake // happens when the socket is opened so the status // must always be OPEN_READ after it completes. It // is OK to always set this as it is only used if // the handshake completes. event = SocketEvent.OPEN_READ; }
@hiki's comments seems right and thats why a port to 7.0 line would be needed. We have hit this issue in 7.0 tomcat version.
Reopening as porting to 7.0 version is needed.
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1757813&r2=1757903&diff_format=h This is the change that needs to be ported to 7.0
This report, as originally described, is not reproducible on Tomcat 8.0.x and earlier. While sockets in CLOSE_WAIT are observed, they do not remain in that state for more than a few seconds. Further, analysis of this issue with 8.5.x/trunk showed that it was introduced by r1746551 and that r1757903 was the correct fix for that issue. You can not be observing the same problem on 7.0.x, even if the symptoms are identical, as r1746551 was not back-ported to 8.0.x or earlier. Since the root causes are different there is no basis to conclude that the required fix is the same. Please open a new issue and provide the steps to reproduce on a clean install of the latest stable release of any of the supported branches (currently 7.0.x, 8.0.x, 8.5.x and 9.0.x).