If tlsNegotiationTimeout is not configured, it will be resolved as th… (#2917)

zoewangg · web-flow · commit ad29dd4cf5fb · 2021-12-14T11:12:20.000-08:00
* If tlsNegotiationTimeout is not configured, it will be resolved as the connectTimeout

* Address feedback

* Fix tls timeout resolution

* Update changelog entry
diff --git a/.changes/next-release/feature-NettyNIOHTTPClient-7eae6f4.json b/.changes/next-release/feature-NettyNIOHTTPClient-7eae6f4.json
@@ -0,0 +1,6 @@
+{
+    "category": "Netty NIO HTTP Client", 
+    "contributor": "", 
+    "type": "feature", 
+    "description": "If `tlsNegotiationTimeout` is not configured, it will be set to the resolved `connectionTimeout`. By default, `tlsNegotiationTimeout` is now 2s instead of 10s"
+}
diff --git a/http-client-spi/src/main/java/software/amazon/awssdk/http/SdkHttpConfigurationOption.java b/http-client-spi/src/main/java/software/amazon/awssdk/http/SdkHttpConfigurationOption.java
@@ -124,6 +124,9 @@ public final class SdkHttpConfigurationOption<T> extends AttributeMap.Key<T> {
     /**
      * The maximum amount of time that a TLS handshake is allowed to take from the time the CLIENT HELLO
      * message is sent to the time the client and server have fully negotiated ciphers and exchanged keys.
+     *
+     * <p>
+     * If not specified, the default value will be the same as the resolved {@link #CONNECTION_TIMEOUT}.
      */
     public static final SdkHttpConfigurationOption<Duration> TLS_NEGOTIATION_TIMEOUT =
         new SdkHttpConfigurationOption<>("TlsNegotiationTimeout", Duration.class);
@@ -134,7 +137,7 @@ public final class SdkHttpConfigurationOption<T> extends AttributeMap.Key<T> {
     private static final Duration DEFAULT_CONNECTION_ACQUIRE_TIMEOUT = Duration.ofSeconds(10);
     private static final Duration DEFAULT_CONNECTION_MAX_IDLE_TIMEOUT = Duration.ofSeconds(60);
     private static final Duration DEFAULT_CONNECTION_TIME_TO_LIVE = Duration.ZERO;
-    private static final Duration DEFAULT_TLS_HANDSHAKE_TIMEOUT = Duration.ofSeconds(10);
+    private static final Duration DEFAULT_TLS_HANDSHAKE_TIMEOUT = DEFAULT_CONNECTION_TIMEOUT;
     private static final Boolean DEFAULT_REAP_IDLE_CONNECTIONS = Boolean.TRUE;
     private static final int DEFAULT_MAX_CONNECTIONS = 50;
     private static final int DEFAULT_MAX_CONNECTION_ACQUIRES = 10_000;
diff --git a/http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/NettyNioAsyncHttpClient.java b/http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/NettyNioAsyncHttpClient.java
@@ -720,6 +720,11 @@ public void setHttp2Configuration(Http2Configuration http2Configuration) {
 
         @Override
         public SdkAsyncHttpClient buildWithDefaults(AttributeMap serviceDefaults) {
+            if (standardOptions.get(SdkHttpConfigurationOption.TLS_NEGOTIATION_TIMEOUT) == null) {
+                standardOptions.put(SdkHttpConfigurationOption.TLS_NEGOTIATION_TIMEOUT,
+                                    standardOptions.get(SdkHttpConfigurationOption.CONNECTION_TIMEOUT));
+            }
+
             return new NettyNioAsyncHttpClient(this, standardOptions.build()
                                                                     .merge(serviceDefaults)
                                                                     .merge(NETTY_HTTP_DEFAULTS)
diff --git a/http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/NettyNioAsyncHttpClientWireMockTest.java b/http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/NettyNioAsyncHttpClientWireMockTest.java
@@ -125,6 +125,47 @@ public void defaultConnectionIdleTimeout() {
         }
     }
 
+    @Test
+    public void noTlsTimeout_shouldResolveToConnectTimeout() {
+        Duration connectTimeout = Duration.ofSeconds(1);
+        try (NettyNioAsyncHttpClient client = (NettyNioAsyncHttpClient) NettyNioAsyncHttpClient.builder()
+                                                                                               .connectionTimeout(connectTimeout)
+                                                                                               .build()) {
+            assertThat(client.configuration().tlsHandshakeTimeout()).isEqualTo(connectTimeout);
+        }
+        Duration timeoutOverride = Duration.ofSeconds(2);
+        try (NettyNioAsyncHttpClient client = (NettyNioAsyncHttpClient) NettyNioAsyncHttpClient.builder()
+                                                                                               .connectionTimeout(connectTimeout)
+                                                                                               .connectionTimeout(timeoutOverride)
+                                                                                               .build()) {
+            assertThat(client.configuration().tlsHandshakeTimeout()).isEqualTo(timeoutOverride);
+        }
+
+        try (NettyNioAsyncHttpClient client = (NettyNioAsyncHttpClient) NettyNioAsyncHttpClient.create()) {
+            assertThat(client.configuration().tlsHandshakeTimeout().toMillis()).
+                isEqualTo(client.configuration().connectTimeoutMillis());
+        }
+    }
+
+    @Test
+    public void tlsTimeoutConfigured_shouldHonor() {
+        Duration connectTimeout = Duration.ofSeconds(1);
+        Duration tlsTimeout = Duration.ofSeconds(3);
+        try (NettyNioAsyncHttpClient client = (NettyNioAsyncHttpClient) NettyNioAsyncHttpClient.builder()
+                                                                                               .tlsNegotiationTimeout(tlsTimeout)
+                                                                                               .connectionTimeout(connectTimeout)
+                                                                                               .build()) {
+            assertThat(client.configuration().tlsHandshakeTimeout()).isEqualTo(tlsTimeout);
+        }
+
+        try (NettyNioAsyncHttpClient client = (NettyNioAsyncHttpClient) NettyNioAsyncHttpClient.builder()
+                                                                                               .connectionTimeout(connectTimeout)
+                                                                                               .tlsNegotiationTimeout(tlsTimeout)
+                                                                                               .build()) {
+            assertThat(client.configuration().tlsHandshakeTimeout()).isEqualTo(tlsTimeout);
+        }
+    }
+
     @Test
     public void overrideConnectionIdleTimeout_shouldHonor() {
         try (NettyNioAsyncHttpClient client = (NettyNioAsyncHttpClient) NettyNioAsyncHttpClient.builder()
