Configure OkHttp connection pool with 55s keep-alive

[scweber-cisco]

Description

Resolves #51

Duo's services close the remote side of a connection after about one minute of idle. OkHttp defaults to a keep-alive timeout of 5 minutes and does not check for closed connections until that timeout. As a result, any connection left in the pool will sit in a CLOSE-WAIT state for ~4 minutes before it is fully closed and evicted.

This change updates the OkHttp connection pool to use a keep-alive of 55 seconds so that we cleanly close those connections before they get stale.

Motivation and Context

There is no advantage to trying to maintain an idle connection to Duo's services for longer than 60 seconds, since the server-side will sever the connection. The connection pool still works properly with a longer timeout, but in times of low traffic, can end up leaving sockets sitting in CLOSE-WAIT for several minutes. It is better hygiene to close these out sooner.

How Has This Been Tested?

Ran the duo-example springboot app, authing several times, and then watching the socket state with lsof -p <springboot pid> | grep TCP | grep ec2.

Before this change, we can see the socket to Duo's service entering CLOSE-WAIT after ~1 minute of idle time and then get completely closed after another ~4 minutes.

After this change, we can see the socket to Duo's service get completely closed after ~55 seconds of idle time and never sits in the CLOSE-WAIT state.

Types of Changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)