We encountered a timeout issue with the TLS handshake when connecting to TPP. After adjusting some timeout values in tpp.go, we successfully established a connection. However, the current default settings might be too low for certain environments. Could we consider increasing the default values or making TCP/TLS timeouts configurable?
PROBLEM SUMMARY
With a complex network, a TCP/TLS timeout may occur.
STEPS TO REPRODUCE
Not trivial to reproduce, as it requires an environment with similar latency.
EXPECTED RESULTS
vcert is able to connect to TPP
ACTUAL RESULTS
Error messages:
net/http: TLS handshake timeout
After increasing TLSHandshakeTimeout to 60 seconds, the error changed to:
context deadline exceeded (Client.Timeout exceeded while awaiting headers)
(still timeout)
ENVIRONMENT DETAILS
Issue occurs with vcert 5.7 and TPP.
COMMENTS/WORKAROUNDS
Here's the updated code that increased the timeout to 60s, which was sufficient in this particular case.
file: tpp.go
```go
func (c *Connector) getHTTPClient() *http.Client {
	// Reuse the cached client if one was already built.
	if c.client != nil {
		return c.client
	}
	var netTransport = &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			Timeout:   60 * time.Second, // TCP connect timeout
			KeepAlive: 60 * time.Second,
			DualStack: true,
		}).DialContext,
		//MaxIdleConns: 100,
		//IdleConnTimeout: 90 * time.Second,
		//TLSHandshakeTimeout: 60 * time.Second,
		//ExpectContinueTimeout: 1 * time.Second,
		//ResponseHeaderTimeout: 60 * time.Second,
	}
	tlsConfig := http.DefaultTransport.(*http.Transport).TLSClientConfig
	/* #nosec */
	if c.trust != nil {
		if tlsConfig == nil {
			tlsConfig = &tls.Config{
				MinVersion: tls.VersionTLS12,
			}
		} else {
			tlsConfig = tlsConfig.Clone()
		}
		// Trust only the CA pool supplied to the connector.
		tlsConfig.RootCAs = c.trust
	}
	netTransport.TLSClientConfig = tlsConfig
	c.client = &http.Client{
		Timeout:   time.Second * 60, // overall limit for the whole request
		Transport: netTransport,
	}
	return c.client
}
```
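The two error messages quoted in this report come from different timers in Go's `net/http`: `Transport.TLSHandshakeTimeout` bounds only the handshake, while `Client.Timeout` bounds the whole request, handshake included. The sketch below is an added example, not part of the original issue and not vcert code; `Timeouts`, `NewClient` and `ProbeStalledHandshake` are hypothetical names. It makes each timeout configurable and reproduces both errors against a constructed loopback listener that never answers the handshake.

```go
package main
import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"time"
)

// Timeouts is a hypothetical settings struct; unset (zero) fields default to 60s.
type Timeouts struct {
	Dial, TLSHandshake, ResponseHeader, Overall time.Duration
}

func orDefault(d time.Duration) time.Duration {
	if d <= 0 {
		return 60 * time.Second
	}
	return d
}

// NewClient builds an http.Client whose per-phase timeouts come from t.
func NewClient(t Timeouts, tlsConfig *tls.Config) *http.Client {
	return &http.Client{
		Timeout: orDefault(t.Overall), // caps the whole request, handshake included
		Transport: &http.Transport{
			DialContext:           (&net.Dialer{Timeout: orDefault(t.Dial)}).DialContext,
			TLSHandshakeTimeout:   orDefault(t.TLSHandshake),
			ResponseHeaderTimeout: orDefault(t.ResponseHeader),
			TLSClientConfig:       tlsConfig,
		},
	}
}

// ProbeStalledHandshake dials a loopback listener that never calls Accept: TCP
// connects from the backlog, but nothing answers the ClientHello (constructed).
func ProbeStalledHandshake(t Timeouts) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	_, err = NewClient(t, &tls.Config{MinVersion: tls.VersionTLS12}).Get("https://" + ln.Addr().String())
	return err
}

func main() {
	fmt.Println(ProbeStalledHandshake(Timeouts{TLSHandshake: 200 * time.Millisecond, Overall: 2 * time.Second}))
	fmt.Println(ProbeStalledHandshake(Timeouts{TLSHandshake: 2 * time.Second, Overall: 200 * time.Millisecond}))
}
```

Whichever timer is shorter decides which error is reported, so both values need to be raised together on a high-latency path.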