chrome opens pointless extra socket prior to the socket to make an HTTPS request
Reported by
joh...@gmail.com,
Jun 8 2016
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; rv:46.0) Gecko/20100101 Firefox/46.0 Example URL: Steps to reproduce the problem: 1. Open HTTPS url in Chrome. 2. Watch `tcpdump` or `ssldump`. What is the expected behavior? One socket per HTTPS request. What went wrong? chrome opens pointless extra socket prior to the socket to make an HTTPS request Did this work before? N/A Chrome version: 51.0.2704.79 Channel: n/a OS Version: 10.0 Flash Version:
,
Jun 8 2016
I found an old comment https://bugs.chromium.org/p/chromium/issues/detail?id=39402#c12 indicating that maybe this bug is due to the "Predict network actions to improve page load performance" setting. However that setting has apparently been renamed or deleted since that comment was made. The ticket this bug was mentioned in was about an unrelated bug, so the HTTPS socket bug apparently fell through the cracks.
,
Jun 8 2016
http://stackoverflow.com/a/5734486 also seems to reference this bug. The first comment is 2011, and there are updated comments in 2015. This also seems to indicate the bug is not a regression, but is rather old.
,
Jun 9 2016
Can you provide a chrome://net-internals log as described at https://dev.chromium.org/for-testers/providing-network-details Thank you
,
Jun 9 2016
That contains a lot of information that I'm reluctant to post publicly. It does show 2 back-to-back connections though, where the first shows no HTTP, and the second has a '"type": 143' section where the HTTP request is shown. The "source_address" shows the port from the pointless connection and the port from the real connection are as expected. If you're not able to reproduce the bug, please provide some private google/Chrome method for posting that file.
,
Jun 9 2016
You can send it to my email (rsleevi@chromium.org)
,
Jun 9 2016
Could this be the predictor? https://cs.chromium.org/chromium/src/chrome/browser/net/predictor.cc?rcl=1465485429&l=935 That will be turned on if the setting "Use a prediction service to load pages more quickly" is enabled.
,
Jun 9 2016
"Use a prediction service to load pages more quickly" is disabled already in the above logs.
,
Jun 9 2016
It's not preconnect, it's the SSL error handling, which is WAI. In this case, it makes a connection, sees that the certificate is invalid, aborts the socket and signals to the higher layer there was an error, and then the higher layer is choosing to ignore the error, causing a reconnect. The difference in behaviour is that Firefox keeps the initial socket open while presenting the UI and attempts to resume the original handshake ignoring the error, and then, if that fails, establishes a new socket and ignores the error. It's an intentional design decision we've made not to do what Firefox does. That path lies a whole different set of edge cases and code complexity (many servers have TLS handshake timers, so if the user doesn't respond to the UI in a timely manner, they'll shut down the socket, which then requires all sorts of heuristics to determine if the socket was shut down for taking too long or shut down because of error).
,
Jun 9 2016
You're saying this bug only occurs with certificates that have been marked trusted in Chrome, but lack a root-trust chain?
,
Jun 10 2016
You can see in the NetLog events that the first request is aborted because the certificate authority is invalid. This is then surfaced to the URLRequest, which restarts the request (saying "Ignore this error X"), and the second connection is made. So yes, this only appears with certificate errors. |
|||
►
Sign in to add a comment |
|||
Comment 1 by joh...@gmail.com
, Jun 8 2016