envoyproxy · mattklein123 · Oct 27, 2020 · Oct 14, 2020 · Oct 14, 2020 · Oct 14, 2020
diff --git a/docs/root/faq/configuration/timeouts.rst b/docs/root/faq/configuration/timeouts.rst
@@ -108,9 +108,10 @@ TCP
   is the amount of time that the TCP proxy will allow a connection to exist with no upstream
   or downstream activity. The default idle timeout if not otherwise specified is *1 hour*.
 
-TLS / Transport Socket
+Transport Socket
+----------------------
 
 * The :ref:`transport_socket_connect_timeout <envoy_v3_api_field_config.listener.v3.FilterChain.transport_socket_connect_timeout>`
   specifies the amount of time Envoy will wait for a downstream client to complete transport-level
-  negotiations. This can be used to limit the amount of time allowed to finish a TLS handshake
-  after establishing a TCP connection.
+  negotiations. When configured on a filter chain with a TLS or ALTS transport socket, this limits
+  the amount of time allowed to finish the encrypted handshake after establishing a TCP connection.
diff --git a/source/common/network/connection_impl.cc b/source/common/network/connection_impl.cc
@@ -725,14 +725,14 @@ void ServerConnectionImpl::setTransportSocketConnectTimeout(std::chrono::millise
 }
 
 void ServerConnectionImpl::raiseEvent(ConnectionEvent event) {
-  ConnectionImpl::raiseEvent(event);
   switch (event) {
   case ConnectionEvent::Connected:
   case ConnectionEvent::RemoteClose:
   case ConnectionEvent::LocalClose:
     transport_connect_pending_ = false;
     transport_socket_connect_timer_.reset();
   }
+  ConnectionImpl::raiseEvent(event);
 }
 
 void ServerConnectionImpl::onTransportSocketConnectTimeout() {

diff --git a/test/common/network/connection_impl_test.cc b/test/common/network/connection_impl_test.cc
@@ -368,7 +368,6 @@ TEST_P(ConnectionImplTest, SetServerTransportSocketTimeout) {
       std::move(mocks.transport_socket_), stream_info_, true);
 
   EXPECT_CALL(*mock_timer, enableTimer(std::chrono::milliseconds(3 * 1000), _));
-
   server_connection->setTransportSocketConnectTimeout(std::chrono::seconds(3));
   EXPECT_CALL(*transport_socket, closeSocket(ConnectionEvent::LocalClose));
   mock_timer->invokeCallback();
@@ -387,7 +386,8 @@ TEST_P(ConnectionImplTest, SetServerTransportSocketTimeoutAfterConnect) {
       std::move(mocks.transport_socket_), stream_info_, true);
 
   transport_socket->callbacks_->raiseEvent(ConnectionEvent::Connected);
-  // This should be a no-op.
+  // This should be a no-op. No timer should be created.
+  EXPECT_CALL(dispatcher, createTimer_(_)).Times(0);
   server_connection->setTransportSocketConnectTimeout(std::chrono::seconds(3));
 
   server_connection->close(ConnectionCloseType::NoFlush);