This might be relevant:
Long story short: Webrick 1.3 seems to have problems with timeouting HTTPS endpoints and it is vulnerable to slow-attacks. If you try HTTP port it works fine (timeout 30 seconds - webrick’s default setting). Looks like 1.4.2 version (current stable) does work correctly, connection is closed after 30 seconds.
Unfortunately Webrick 1.4.x requires Ruby 2.3 and we are still on RHEL Ruby 2.0. There are discussions in SCLing smart-proxy, that would solve this. Until then, there is no easy solution - according to git log in webrick there’s been huge amount of patches in regard to timeouts, concurrency, waits and synchronization.
I have tried to identify the commit in webrick which fixed this so we could backport it but I gave up as there are so many changes. Two ways out:
- We are thinking SCLing our proxy so we can bump Ruby version and all the deps to latest and greatest versions.
- We finalize our efforts supporting Puma as a secondary (opt-in) web server next to Webrick. A PR is pending more reviews, but this is WIP and there can be dragons.