[Webkit-unassigned] [Bug 206938] New: Safari hangs indefinitely on connections that accept the TCP connection but do not then negotiation the TLS connection

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 29 09:01:28 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=206938

            Bug ID: 206938
           Summary: Safari hangs indefinitely on connections that accept
                    the TCP connection but do not then negotiation the TLS
                    connection
           Product: WebKit
           Version: Safari 13
          Hardware: Macintosh
                OS: macOS 10.15
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: andrew.howden at zalando.de
                CC: beidson at apple.com

Hola Crew, 

I hope this bug report finds you well!

At the time of writing it appears that Safari either does not or has an extremely long timeout with the TLS component of the connection. I believe it would be a nicer experience for users if the connection was closed earlier (perhaps 3 minutes or so), rather than continuing.

The steps to reproduce are as follows:

1. Alias a path to a common website (such as example.com) to 127.0.0.1 via /etc/hosts
2. Compile and run the golang script below
3. Attempt to connect to https://${WEBSITE}
4. Wait (so far I as can assess indefinitely)

It is difficult to assess the real world impact of this bug. It was discovered while investigating an intermittent (rarely occurring) similarly presenting issue accessing the following resource:

- https://img01.ztat.net/article/N1/24/1D/10/3E/11/N1241D103-E11@17.jpg?imwidth=300

We could not replicate it on the above resource consistently, however were able to replicate it by stubbing out the connection and sinkholing the TLS portion of the connection.

Is it possible to introduce a timeout for this (or perhaps the the entire) connection? In this way the error will be presented to users transparently.

Kind regards, 
Andrew.

—
package main

import (
        "log"
        "net"
)

func handle(c net.Conn) {
        b := make([]byte, 1024)
        log.Printf("connection accepted from %s ", c.RemoteAddr())

        for {
                _, err := c.Read(b)

                if err != nil {
                        log.Printf("error: %s", err.Error())

                        // We leave the connection open to mess with safari. All we want to do is just do one way traffic,
                        // and pretend to be alive.
                        return
                }

                log.Printf("%s", b)
        }
}

func main() {
        ln, err := net.Listen("tcp", ":443")
        if err != nil {
                panic(err)
        }

        for {
                c, err := ln.Accept()

                if err != nil {
                        panic(err)
                }

                go handle(c)
        }
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200129/0c9d6f46/attachment-0001.htm>

More information about the webkit-unassigned mailing list