Skip to content

Abort ssl connections on close when ssl_shutdown_timeout is 0 #11148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 29 commits into from
Jun 7, 2025
Merged

Abort ssl connections on close when ssl_shutdown_timeout is 0 #11148

merged 29 commits into from
Jun 7, 2025

Conversation

bdraco
Copy link
Member

@bdraco bdraco commented Jun 4, 2025
edited
Loading

What do these changes do?

This PR improves SSL connection handling by changing the default ssl_shutdown_timeout from 0.1 to 0, providing the best of both worlds:

  • During normal operation: SSL connections use Python's default SSL shutdown behavior (graceful shutdown with proper handshake)
  • When closing the connector: SSL connections are aborted immediately for fast cleanup

Additionally, this PR:

  • Adds support for ssl_shutdown_timeout=0 on all Python versions. Previously, this value was rejected on Python 3.11+ and ignored on earlier versions.
  • Deprecates the ssl_shutdown_timeout parameter for removal in aiohttp 4.0, as there's no clear use case for users to change the default behavior

Key changes:

  • The default ssl_shutdown_timeout is now 0 (immediate abort on connector close) instead of 0.1 seconds
  • ssl_shutdown_timeout=0 now works on all Python versions and will immediately abort SSL connections using transport.abort() instead of transport.close() when the connector is closed
  • Normal SSL connections continue to use Python's default graceful shutdown behavior during regular operation
  • When ssl_shutdown_timeout=0, the value is not passed to loop.create_connection() or loop.start_tls() to avoid rejection by asyncio
  • A RuntimeWarning is issued when non-zero values are passed on Python < 3.11, informing users that only ssl_shutdown_timeout=0 is supported on older Python versions
  • A DeprecationWarning is issued when any value is explicitly passed for ssl_shutdown_timeout, indicating the parameter will be removed in aiohttp 4.0

Are there changes in behavior for the user?

  • Improved default behavior: SSL connections now get proper graceful shutdown during normal operation (Python's default) but are cleaned up immediately when closing the connector, providing optimal behavior for both cases
  • Users on Python < 3.11 can now use ssl_shutdown_timeout=0 for immediate abort on connector close
  • Users will receive a RuntimeWarning if they attempt to use non-zero ssl_shutdown_timeout values on Python < 3.11
  • Deprecation: Users will receive a DeprecationWarning when explicitly setting ssl_shutdown_timeout, as this parameter will be removed in aiohttp 4.0
  • Users who want a graceful shutdown when closing the connector can explicitly set ssl_shutdown_timeout=0.1 (on Python 3.11+) until the parameter is removed
  • No breaking changes - the API remains the same, only the default value has changed to provide better performance

Is it a substantial burden for the maintainers to support this?

No, this is a minimal maintenance burden:

  • The implementation is backward compatible
  • The warning clearly communicates the limitation to users
  • The code changes are focused and well-tested
  • The sentinel pattern is already used elsewhere in aiohttp for similar purposes

Related issue number

closes #11144

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • Documentation reflects the changes
  • If you provide code modification, please add yourself to CONTRIBUTORS.txt
    • The format is <Name> <Surname>.
    • Please keep alphabetical order, the file is sorted by names.
  • Add a new news fragment into the CHANGES/ folder

    • name it <issue_or_pr_num>.<type>.rst (e.g. 588.bugfix.rst)

    • if you don't have an issue number, change it to the pull request
      number after creating the PR

      • .bugfix: A bug fix for something the maintainers deemed an
        improper undesired behavior that got corrected to match
        pre-agreed expectations.
      • .feature: A new behavior, public APIs. That sort of stuff.
      • .deprecation: A declaration of future API removals and breaking
        changes in behavior.
      • .breaking: When something public is removed in a breaking way.
        Could be deprecated in an earlier release.
      • .doc: Notable updates to the documentation structure or build
        process.
      • .packaging: Notes for downstreams about unobvious side effects
        and tooling. Changes in the test invocation considerations and
        runtime assumptions.
      • .contrib: Stuff that affects the contributor experience. e.g.
        Running tests, building the docs, setting up the development
        environment.
      • .misc: Changes that are hard to assign to any of the above
        categories.

    • Make sure to use full sentences with correct case and punctuation,
      for example:

      Fixed issue with non-ascii contents in doctest text files
-- by :user:`contributor-gh-handle`.

      Use the past tense or the present tense a non-imperative mood,
      referring to what's changed compared to the last released version
      of this project.

@codecov Codecov
Copy link

codecov bot commented Jun 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.85%. Comparing base (996ad00) to head (5a405b8).
Report is 7 commits behind head on master.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11148      +/-   ##
==========================================
- Coverage   98.86%   98.85%   -0.01%     
==========================================
  Files         131      131              
  Lines       42737    42966     +229     
  Branches     2308     2314       +6     
==========================================
+ Hits        42250    42476     +226     
- Misses        337      340       +3     
  Partials      150      150
Flag Coverage Δ
CI-GHA 98.75% <100.00%> (+<0.01%) ⬆️
OS-Linux 98.47% <100.00%> (+<0.01%) ⬆️
OS-Windows 96.80% <100.00%> (+0.01%) ⬆️
OS-macOS 97.70% <100.00%> (+0.02%) ⬆️
Py-3.10.11 97.34% <81.71%> (-0.12%) ⬇️
Py-3.10.17 97.83% <81.71%> (-0.13%) ⬇️
Py-3.11.12 98.01% <78.35%> (-0.10%) ⬇️
Py-3.11.9 97.54% <78.35%> (-0.10%) ⬇️
Py-3.12.10 98.40% <78.35%> (-0.10%) ⬇️
Py-3.13.3 98.38% <78.35%> (-0.10%) ⬇️
Py-3.9.13 97.23% <81.71%> (-0.12%) ⬇️
Py-3.9.22 97.71% <81.71%> (-0.12%) ⬇️
Py-pypy7.3.16 83.49% <81.71%> (-13.94%) ⬇️
VM-macos 97.70% <100.00%> (+0.02%) ⬆️
VM-ubuntu 98.47% <100.00%> (+<0.01%) ⬆️
VM-windows 96.80% <100.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Jun 4, 2025
edited
Loading

CodSpeed Performance Report

Merging #11148 will not alter performance

Comparing abort_on_ssl_timeout_0 (5a405b8) with master (996ad00)

Summary

✅ 59 untouched benchmarks

@psf-chronographer psf-chronographer bot added the bot:chronographer:provided There is a change note present in this PR label Jun 4, 2025
@bdraco bdraco added backport-3.12 Trigger automatic backporting to the 3.12 release branch by Patchback robot backport-3.13 Trigger automatic backporting to the 3.13 release branch by Patchback robot labels Jun 4, 2025
Dreamsorcerer
Dreamsorcerer reviewed Jun 5, 2025
View reviewed changes
@Dreamsorcerer
Copy link
Member

I'm still unclear on your changes from #11114 though. The changelog says it's expected behaviour on TLS 1.3. If that's true, we shouldn't be waiting at all, if we expect it to never work. I thought it was only misbehaving servers which don't close the connection properly.

@bdraco
Copy link
Member Author

bdraco commented Jun 5, 2025
edited
Loading

I'm still unclear on your changes from #11114 though. The changelog says it's expected behaviour on TLS 1.3. If that's true, we shouldn't be waiting at all, if we expect it to never work. I thought it was only misbehaving servers which don't close the connection properly.

TLS 1.2 is required to acknowledge immediately. With TLS 1.3 it isn't required but should acknowledge quickly, but it is allowed to flush the buffer first.

In practice though misbehaving servers don't flush the buffer and never acknowledge, leaving the user in a state they can do nothing about.

I'm almost tempted to change the default to 0 and simply abort the connections since there isn't much value in waiting at all if we are closing the connector. I just worry that we don't flush the buffer in that case, but since the connector is closing, does it matter ?

@bdraco
Copy link
Member Author

bdraco commented Jun 5, 2025

The more I think about it, the more I'm leaning to making 0 the default as I can't see any reason we would need to worry about flushing the buffer if we are done with the session/connector

@Dreamsorcerer
Copy link
Member

The more I think about it, the more I'm leaning to making 0 the default as I can't see any reason we would need to worry about flushing the buffer if we are done with the session/connector

I'm not too familiar with what the risks are. Feels like some misbehaving servers should be fixed...

@bdraco
Copy link
Member Author

bdraco commented Jun 5, 2025

The key risk is we we might not flush the read/write buffer, but if are are done with the session/connector anyways it should be fine to abort. I'm worried about the case where someone expects they have an event loop iteration remaining to read the buffered client data in another task before the connector closes.

@bdraco
Copy link
Member Author

bdraco commented Jun 5, 2025

It comes down to, is it reasonable to expect that someone would want to read the buffer after calling .close() on the connector.. I think the answer is no

@bdraco bdraco mentioned this pull request Jun 7, 2025
Closed
1 task
bdraco
bdraco commented Jun 7, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 7, 2025
View reviewed changes
@Dreamsorcerer
Copy link
Member

So if we change to abort with 0, that means during normal operation we get the default python timeout in the background, and we abort() when the connector is closed. That actually sounds like the best of both worlds.

I guess my question is who's going to change it from the default? What problem would it fix, and how would a user know they want to change that default?

@bdraco
Copy link
Member Author

bdraco commented Jun 7, 2025
edited
Loading

So if we change to abort with 0, that means during normal operation we get the default python timeout in the background, and we abort() when the connector is closed. That actually sounds like the best of both worlds.

I guess my question is who's going to change it from the default? What problem would it fix, and how would a user know they want to change that default?

I can't actually envision a use case where they would want anything other than the new default in this PR (0). Waiting 0.1s to close the connector is very undesirable when you are frequently creating and destroying them which seems to be a much more common use case than we have expected.

@Dreamsorcerer
Copy link
Member

So, it kind of feels to me like the parameter should be removed again..

@bdraco
Copy link
Member Author

bdraco commented Jun 7, 2025

So, it kind of feels to me like the parameter should be removed again..

Yeah I think so. I'll deprecate it for removal in 4.0

@bdraco bdraco marked this pull request as ready for review June 7, 2025 13:04
@bdraco bdraco requested review from webknjaz and asvetlov as code owners June 7, 2025 13:04
@bdraco bdraco merged commit 86a9a38 into master Jun 7, 2025
40 checks passed
@bdraco bdraco deleted the abort_on_ssl_timeout_0 branch June 7, 2025 13:17
@patchback Patchback
Copy link
Contributor

patchback bot commented Jun 7, 2025
edited
Loading

Backport to 3.12: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 86a9a38 on top of patchback/backports/3.12/86a9a3827c876acfd32886bd51b49df7f5f1925e/pr-11148

Backporting merged PR #11148 into master

  1. Ensure you have a local repo clone of your fork. Unless you cloned it
    from the upstream, this would be your origin remote.
  2. Make sure you have an upstream repo added as a remote too. In these
    instructions you'll refer to it by the name upstream. If you don't
    have it, here's how you can add it: 
    $ git remote add upstream https://github.com/aio-libs/aiohttp.git
  3. Ensure you have the latest copy of upstream and prepare a branch
    that will hold the backported code: 
    $ git fetch upstream
$ git checkout -b patchback/backports/3.12/86a9a3827c876acfd32886bd51b49df7f5f1925e/pr-11148 upstream/3.12
  4. Now, cherry-pick PR Abort ssl connections on close when ssl_shutdown_timeout is 0 #11148 contents into that branch: 
    $ git cherry-pick -x 86a9a3827c876acfd32886bd51b49df7f5f1925e
    If it'll yell at you with something like fatal: Commit 86a9a3827c876acfd32886bd51b49df7f5f1925e is a merge but no -m option was given., add -m 1 as follows instead: 
    $ git cherry-pick -m1 -x 86a9a3827c876acfd32886bd51b49df7f5f1925e
  5. At this point, you'll probably encounter some merge conflicts. You must
    resolve them in to preserve the patch from PR Abort ssl connections on close when ssl_shutdown_timeout is 0 #11148 as close to the
    original as possible.
  6. Push this branch to your fork on GitHub: 
    $ git push origin patchback/backports/3.12/86a9a3827c876acfd32886bd51b49df7f5f1925e/pr-11148
  7. Create a PR, ensure that the CI is green. If it's not — update it so that
    the tests and any other checks pass. This is it!
    Now relax and wait for the maintainers to process your pull request
    when they have some cycles to do reviews. Don't worry — they'll tell you if
    any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

@patchback Patchback
Copy link
Contributor

patchback bot commented Jun 7, 2025
edited
Loading

Backport to 3.13: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 86a9a38 on top of patchback/backports/3.13/86a9a3827c876acfd32886bd51b49df7f5f1925e/pr-11148

Backporting merged PR #11148 into master

  1. Ensure you have a local repo clone of your fork. Unless you cloned it
    from the upstream, this would be your origin remote.
  2. Make sure you have an upstream repo added as a remote too. In these
    instructions you'll refer to it by the name upstream. If you don't
    have it, here's how you can add it: 
    $ git remote add upstream https://github.com/aio-libs/aiohttp.git
  3. Ensure you have the latest copy of upstream and prepare a branch
    that will hold the backported code: 
    $ git fetch upstream
$ git checkout -b patchback/backports/3.13/86a9a3827c876acfd32886bd51b49df7f5f1925e/pr-11148 upstream/3.13
  4. Now, cherry-pick PR Abort ssl connections on close when ssl_shutdown_timeout is 0 #11148 contents into that branch: 
    $ git cherry-pick -x 86a9a3827c876acfd32886bd51b49df7f5f1925e
    If it'll yell at you with something like fatal: Commit 86a9a3827c876acfd32886bd51b49df7f5f1925e is a merge but no -m option was given., add -m 1 as follows instead: 
    $ git cherry-pick -m1 -x 86a9a3827c876acfd32886bd51b49df7f5f1925e
  5. At this point, you'll probably encounter some merge conflicts. You must
    resolve them in to preserve the patch from PR Abort ssl connections on close when ssl_shutdown_timeout is 0 #11148 as close to the
    original as possible.
  6. Push this branch to your fork on GitHub: 
    $ git push origin patchback/backports/3.13/86a9a3827c876acfd32886bd51b49df7f5f1925e/pr-11148
  7. Create a PR, ensure that the CI is green. If it's not — update it so that
    the tests and any other checks pass. This is it!
    Now relax and wait for the maintainers to process your pull request
    when they have some cycles to do reviews. Don't worry — they'll tell you if
    any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

bdraco added a commit that referenced this pull request Jun 7, 2025
@bdraco
Abort ssl connections on close when ssl_shutdown_timeout is 0 (#11148)
47c5db8 
(cherry picked from commit 86a9a38)
bdraco added a commit that referenced this pull request Jun 7, 2025
@bdraco
Abort ssl connections on close when ssl_shutdown_timeout is 0 (#11148)
8c0d0df 
(cherry picked from commit 86a9a38)
bdraco added a commit that referenced this pull request Jun 7, 2025
@bdraco
Abort ssl connections on close when ssl_shutdown_timeout is 0 (#11148)
6bc79c0 
(cherry picked from commit 86a9a38)
bdraco added a commit that referenced this pull request Jun 7, 2025
@bdraco
[PR #11148/86a9a38 backport][3.13] Abort ssl connections on close whe…
27c2cee 
…n ssl_shutdown_timeout is 0 (#11156)
bdraco added a commit that referenced this pull request Jun 7, 2025
@bdraco
[PR #11148/86a9a38 backport][3.12] Abort ssl connections on close whe…
ca39f6a 
…n ssl_shutdown_timeout is 0 (#11155)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Dreamsorcerer Dreamsorcerer Dreamsorcerer left review comments

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz is a code owner

@asvetlov asvetlov Awaiting requested review from asvetlov asvetlov is a code owner

Assignees
No one assigned
Labels
backport-3.12 Trigger automatic backporting to the 3.12 release branch by Patchback robot backport-3.13 Trigger automatic backporting to the 3.13 release branch by Patchback robot bot:chronographer:provided There is a change note present in this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bdraco @Dreamsorcerer