Context I have a Spring Boot application running in AWS EKS with a Istio service mesh, calling a 3rd party Rest Api service using OkHttp version 4.12.0
Application details:
SpringBoot version 3.5.0
Java 21
Kotlin 1.9.23
istio-proxy: docker.io/istio/proxyv2:1.23.4
EKS version: 1.29
Issue After bumping my application from Spring Boot 3.3.4 to 3.5.0 (everything else being the same) the initial TCP connection blew out from ~500ms to 20 seconds
Spring Boot version: 3.3.4 SSL handshake completed in 437ms TCP connection completed in 519ms
Spring Boot version: 3.5.0 SSL handshake completed in 10017ms TCP connection completed in 20206ms
Steps taken so far Upon further investigation, I found that in Spring Boot 3.4, OkHttp Dependency management was removed.
Looking this the commit, it looks like the custom ssl configuration for the OkHttp Client was removed, probably explaining the slow ssl handshakes and tcp connection.
Even after adding a custom ssl config in my OkhttpClient(trying to copy what was removed in Spring Boot 3.4), didn't resolve the issue
@Bean
fun okHttpClient(): OkHttpClient {
val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
trustManagerFactory.init(null as KeyStore?)
val trustManager = trustManagerFactory.trustManagers.first() as X509TrustManager
val sslContext = SSLContext.getInstance("TLS")
sslContext.init(null, arrayOf(trustManager), null)
return OkHttpClient.Builder()
.sslSocketFactory(sslContext.socketFactory, trustManager)
.addNetworkInterceptor(HttpLoggingInterceptor().setLevel(Level.BASIC))
.build()
}
I also tried swapping out to a apache http client org.apache.httpcomponents.client5:httpclient5:5.5, and the initial tcp connection time is still taking 20 seconds.