I have a Windows client application and a Windows service hosting a web service over HTTPS (behind it, it uses standard http.sys). Everything is OK except the situation where the user makes a mistake and uses HTTP with the HTTPS port for accessing the service. For example, the service is exposed on https://somehost:9000 but the user incorrectly sets http://somehost:9000.
Normally, if the endpoint is not available, the client receives 404 Not Found, but in this case the endpoint is available but the host expects an SSL/TLS handshake first. When the client calls the service with pure HTTP, it hangs and the client waits for the timeout. Moreover, I found that this is some global behavior, because web services exposed on IIS over HTTPS and called through a browser with HTTP behave in exactly the same way. The timeout is always 130s. Keep-alive for connections on IIS is configured to 120s, so it doesn't look correlated.
What kind of timeout is used in this case? Is it possible to change it (this question is a little bit abstract because I don't yet know what I want to change)?
I think you can use the URL Rewrite module, which does a kind of transparent redirect to the correct protocol; here are some details:

Install and enable URL Rewrite and configure your IIS virtual site to not require-ssl, so that it can handle the HTTP request and send an HTTP redirect back to https://, like so.

This strategy is better than making possibly breaking changes to system-wide TCP parameters.
An alternative is to set the appropriate timeout values on the http.sys component in your application. Some default values and parameters are mentioned in this doc: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/31a2f39c-4d59-4cba-905c-60e7af657e49.mspx?mfr=true
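
A URL Rewrite rule of the kind the answer above describes, as an added example that is not part of the original post. It assumes the URL Rewrite module is installed, that the site also has a plain-HTTP binding on a separate port (port 80 is an assumption here), and that HTTPS stays on port 9000 as in the question; the rule only runs for requests IIS has accepted as HTTP, and the rule name is hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config for the IIS site (added example, not from the original post).
     Assumed bindings: http on *:80 (assumption), https on *:9000 (from the question). -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Hypothetical rule name. stopProcessing prevents later rules from
             rewriting a request that is about to be redirected. -->
        <rule name="RedirectHttpToHttps9000" stopProcessing="true">
          <!-- Match every path; the captured path is available as {R:1}. -->
          <match url="(.*)" />
          <conditions>
            <!-- {HTTPS} is OFF only for requests that arrived over plain HTTP,
                 so requests already on the HTTPS binding are left alone. -->
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- {SERVER_NAME} is the host without the port, so the HTTPS port
               from the question is appended explicitly. The query string is
               carried over by appendQueryString. -->
          <action type="Redirect"
                  url="https://{SERVER_NAME}:9000/{R:1}"
                  appendQueryString="true"
                  redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

A redirect still lets the first request, including any headers or body the client sent, travel in clear text, so clients that carry credentials should be configured with the https:// URL directly.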