The built-in server (Server / serve_tls, and the axum TLS path) builds hyper connections without configuring a timer, so hyper's default header read timeout is not applied, and no HTTP/2 keep-alive ping or idle-connection timeout is configured. A connection that is opened and then never sends a complete request, or that finishes a request and then stays idle, is held open indefinitely along with its task and file descriptor; today this can only be bounded by an external load balancer or reverse proxy.
Proposed work:
- Set TokioTimer on the connection builder so the header read timeout applies (connectrpc/src/server.rs, connectrpc/src/axum.rs).
- Configure HTTP/2 keep-alive ping interval/timeout and an idle-connection timeout, with sensible defaults.
- Expose these as Server configuration alongside the existing TLS handshake timeout so deployments can tune them.
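
What a header read timeout has to bound, as an added std-only sketch (not hyper's or connectrpc's code; `read_head` and `run_case` are hypothetical names and the loopback client is constructed): a per-read timeout never fires against a peer that keeps sending one byte at a time, while a single deadline over the whole request head does.

```rust
use std::io::{self, ErrorKind, Read, Write};
use std::net::{TcpListener, TcpStream};
use std::{thread, time::{Duration, Instant}};

/// Hypothetical helper: read an HTTP/1 request head under ONE overall deadline.
/// Every read may wait only for what is left of that budget, never a fresh timeout.
fn read_head(conn: &mut TcpStream, header_timeout: Duration) -> io::Result<Vec<u8>> {
    let timed_out = || io::Error::new(ErrorKind::TimedOut, "header read timeout");
    let deadline = Instant::now() + header_timeout;
    let (mut head, mut buf) = (Vec::new(), [0u8; 1024]);
    loop {
        let left = deadline.saturating_duration_since(Instant::now());
        if left.is_zero() { return Err(timed_out()); }
        conn.set_read_timeout(Some(left))?;
        match conn.read(&mut buf) {
            Ok(0) => return Err(ErrorKind::UnexpectedEof.into()),
            Ok(n) => head.extend_from_slice(&buf[..n]),
            Err(e) if e.kind() == ErrorKind::Interrupted => continue,
            Err(e) if matches!(e.kind(), ErrorKind::WouldBlock | ErrorKind::TimedOut) => return Err(timed_out()),
            Err(e) => return Err(e),
        }
        if head.windows(4).any(|w| w == b"\r\n\r\n") { return Ok(head); }
    }
}

/// Constructed loopback demo: the client sends a full head, or drips 1 byte per 20 ms.
fn run_case(complete: bool, header_timeout: Duration) -> (io::Result<Vec<u8>>, Duration) {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let addr = listener.local_addr().unwrap();
    let client = thread::spawn(move || {
        let mut c = TcpStream::connect(addr).unwrap();
        c.write_all(b"GET / HTTP/1.1\r\nX-Pad: ").unwrap();
        if complete { return c.write_all(b"a\r\n\r\n").unwrap(); }
        for _ in 0..150 {
            if c.write_all(b"a").is_err() { break; }
            thread::sleep(Duration::from_millis(20));
        }
    });
    let (mut conn, _) = listener.accept().unwrap();
    let start = Instant::now();
    let out = (read_head(&mut conn, header_timeout), start.elapsed());
    drop(conn); // closing the socket is what releases the file descriptor
    client.join().unwrap();
    out
}

fn main() {
    println!("{:?}", run_case(false, Duration::from_millis(200)));
}
```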