Re: TCP Resets when closing connection opened via SSL

On 26.04.19 09:41, Jānis Pūris wrote:
> /Resending the original message without any formatting./
>
> Hello,
>
> I'm trying to do a simple health check for keepalived and other
> services via a python script and psycopg2 library. All seems to be all
> right, until I close the connection, at which point a packet with TCP
> reset is produced.
>
> This has become very problematic and creates extensive noise in
> monitoring.
>
> It also happens with IntelliJ DataGrip provided Java driver and PHP
> drivers. And hence I do not think this is the drivers problem, but PG
> instead.

> From PG side of things, all seems to be OK
>
What actual problem you are experiencing?

Usually, getting a TCP reset is a normal event on TCP connections not
necessarily related to any application level activity.

A TCP reset is triggered as soon as a packet is being received on a
"closed" connection.

Such "late orphaned packet" may e.g. result from an ack for a packet in
transit by the time of close.

For more detailed information you might look at the exact sequence of
packets being exchanged.

This way, you might get better insight in what is happening and better
information on wether something is going wrong.

That you do experience TCP reset only with SSL being involved might just
be accidentally or be a

consequence of  SSL stack activities. It could even be caused by the way
the (SSL) connection

is being configured/set-up in the specific case.

But nevertheless, it might be perfectly OK for such packets to be generated.

So, please re-think why you are considering them problematic in the
first place.

Regards

Rainer