What's the exact URL you are invoking this on? Is this a clean installation of the server or do you have any changes? You can get a bit more verbose output from curl by using the -v option and see if it provides a hint (you can paste those logs here too).

I haven't been able to reproduce this in a fresh install of WildFly 14 (and 15) with a plain servlet which sleeps for more than a minute. Both HTTP and HTTPS work fine. Are you sure there isn't some web framework or library within your application which might be playing a role? Have you tried this with a plain servlet without anything else in the application?

I don't think this has to do with the cipher suites. I suspect what's happening is, in HTTP 1.1 mode the undertow server ends up using the no-request-timeout (default) value on the listener. The default value for that attribute is 60 seconds and if there isn't any activity on that connection for that duration, the connection is terminated by Undertow. Can you set a value of -1 for that attribute on your https/http listener in the undertow subsystem configuration? The xsd of that subsystem is available here wildfly/wildfly-undertow_7_0.xsd at master · wildfly/wildfly · GitHub  for reference.

Having said that, I don't think you should have been forced to set this attribute, but we can get to that later once you verify that setting this value to -1 does indeed fix the issue for you.

Thank you for testing and posting back the results.

Sorry, I wasn't fully clear in my previous reply. What I meant in my previous reply was that the no-request-timeout value (the default one) is playing a role when HTTP 1.1 protocol is used/chosen by the server. What seems to be happening is when you use the enabled-cipher-suites the server chooses HTTP 1.1 (I haven't looked into why, but maybe because of the ciphers chosen?) and as a result, the no-request-timeout starts playing a role. Without the enabled-ciphers attribute, the server seems to be choosing HTTP 2, where this no-request-timeout attribute isn't playing any role. You can verify this by checking the curl -v ... output where it should show the protocol that got used during the communication.

Either way, I think this needs some investigation by the dev team since IMO, the no-request-timeout is either buggy (I don't think it should close a connection when a request is in progress) or the default value shouldn't be some arbitrary value and should perhaps be -1.

jaikiran  wrote:

 

 

Either way, I think this needs some investigation by the dev team since IMO, the no-request-timeout is either buggy (I don't think it should close a connection when a request is in progress) or the default value shouldn't be some arbitrary value and should perhaps be -1.

I've created [WFLY-11691] Default no-request-timeout value on HTTP(s) listeners seems to be causing unexpected timeouts - JBoss Issue…  so that someone can take a look.

This issue appears to be fixed in the recently released WildFly 16.0.0.Final. I can no longer reproduce this in that version and as I noted in the [WFLY-11691] Default no-request-timeout value on HTTP(s) listeners seems to be causing unexpected timeouts - JBoss Issue…  JIRA it seems to be fixed as a result of the fix to [UNDERTOW-1486] Out of memory errors - JBoss Issue Tracker . You don't have to do any changes to the no-request-timeout attribute and this should work out of the box (even with the enabled-cipher-suites that you previously used).