HTTPCLIENT-2386: Classic transport to use connect timeout as a default if TLS timeout has not been explicitly set

ok2c · ok2c · commit 88c19c009628 · 2025-08-05T11:37:41.000+02:00
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java
@@ -41,6 +41,7 @@
 import org.apache.hc.client5.http.SchemePortResolver;
 import org.apache.hc.client5.http.SystemDefaultDnsResolver;
 import org.apache.hc.client5.http.UnsupportedSchemeException;
+import org.apache.hc.client5.http.config.TlsConfig;
 import org.apache.hc.client5.http.impl.ConnPoolSupport;
 import org.apache.hc.client5.http.impl.DefaultSchemePortResolver;
 import org.apache.hc.client5.http.io.DetachedSocketFactory;
@@ -225,6 +226,11 @@ public void connect(
                     if (LOG.isDebugEnabled()) {
                         LOG.debug("{} {} upgrading to TLS", ConnPoolSupport.getId(conn), tlsName);
                     }
+                    final TlsConfig tlsConfig = attachment instanceof TlsConfig ? (TlsConfig) attachment : TlsConfig.DEFAULT;
+                    final Timeout handshakeTimeout = tlsConfig.getHandshakeTimeout() != null ? tlsConfig.getHandshakeTimeout() : connectTimeout;
+                    if (handshakeTimeout != null) {
+                        socket.setSoTimeout(handshakeTimeout.toMillisecondsIntBound());
+                    }
                     final SSLSocket sslSocket = tlsSocketStrategy.upgrade(socket, tlsName.getHostName(), tlsName.getPort(), attachment, context);
                     conn.bind(sslSocket, socket);
                     onAfterTlsHandshake(context, endpointHost);
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/AbstractClientTlsStrategy.java
@@ -220,8 +220,6 @@ private void executeHandshake(
             final SSLSocket upgradedSocket,
             final String target,
             final Object attachment) throws IOException {
-        final TlsConfig tlsConfig = attachment instanceof TlsConfig ? (TlsConfig) attachment : TlsConfig.DEFAULT;
-
         final SSLParameters sslParameters = upgradedSocket.getSSLParameters();
         if (supportedProtocols != null) {
             sslParameters.setProtocols(supportedProtocols);
@@ -238,17 +236,11 @@ private void executeHandshake(
         }
         upgradedSocket.setSSLParameters(sslParameters);
 
-        final Timeout handshakeTimeout = tlsConfig.getHandshakeTimeout();
-        if (handshakeTimeout != null) {
-            upgradedSocket.setSoTimeout(handshakeTimeout.toMillisecondsIntBound());
-        }
-
         initializeSocket(upgradedSocket);
 
         if (LOG.isDebugEnabled()) {
             LOG.debug("Enabled protocols: {}", (Object) upgradedSocket.getEnabledProtocols());
             LOG.debug("Enabled cipher suites: {}", (Object) upgradedSocket.getEnabledCipherSuites());
-            LOG.debug("Starting handshake ({})", handshakeTimeout);
         }
         upgradedSocket.startHandshake();
         verifySession(target, upgradedSocket.getSession());
