Fix.

api/defaults/defaults.go

@@ -34,10 +34,6 @@ const (
 	// DefaultIdleTimeout is a default idle connection timeout.
 	DefaultIdleTimeout = 30 * time.Second
 
-	// DefaultDialTimeout is the default time to wait for a connection to be
-	// established.
-	DefaultDialTimeout = 5 * time.Second
-
 	// KeepAliveCountMax is the number of keep-alive messages that can be sent
 	// without receiving a response from the client before the client is
 	// disconnected. The max count mirrors ClientAliveCountMax of sshd.

lib/srv/app/transport.go

@@ -29,11 +29,11 @@ import (
 	"path"
 	"slices"
 	"strings"
+	"time"
 
 	"github.com/gravitational/trace"
 
 	"github.com/gravitational/teleport"
-	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/wrappers"
 	"github.com/gravitational/teleport/lib"
@@ -101,13 +101,6 @@ func newTransport(ctx context.Context, c *transportConfig) (*transport, error) {
 		return nil, trace.Wrap(err)
 	}
 
-	// Add a timeout to the dialer so failures to establish network connections
-	// don't cause requests to hang forever.
-	d := net.Dialer{
-		Timeout: apidefaults.DefaultDialTimeout,
-	}
-	tr.DialContext = d.DialContext
-
 	tr.TLSClientConfig, err = configureTLS(c)
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -156,7 +149,7 @@ func (t *transport) RoundTrip(r *http.Request) (*http.Response, error) {
 
 	// Add a timeout to the request, so slow servers don't cause requests to
 	// hang forever.
-	timeout, cancel := context.WithTimeout(r.Context(), apidefaults.DefaultIOTimeout)
+	timeout, cancel := context.WithTimeout(r.Context(), requestTimeout)
 	defer cancel()
 	r = r.WithContext(timeout)
 
@@ -345,3 +338,8 @@ func charWrap(message string) string {
 	}
 	return sb.String()
 }
+
+const (
+	// requestTimeout is the timeout to receive a response from the upstream server.
+	requestTimeout = 30 * time.Second
+)

lib/utils/errors.go

@@ -21,7 +21,6 @@ package utils
 import (
 	"context"
 	"errors"
-	"fmt"
 	"io"
 	"net"
 	"strings"
@@ -30,7 +29,6 @@ import (
 	"github.com/gravitational/trace"
 
 	"github.com/gravitational/teleport/api/constants"
-	"github.com/gravitational/teleport/api/defaults"
 )
 
 // IsUseOfClosedNetworkError returns true if the specified error
@@ -92,7 +90,6 @@ func IsUntrustedCertErr(err error) bool {
 // CanExplainNetworkError returns a simple to understand error message that can
 // be used to debug common network and/or protocol errors.
 func CanExplainNetworkError(err error) (string, bool) {
-	var oerr *net.OpError
 	var derr *net.DNSError
 
 	switch {
@@ -124,23 +121,13 @@ func CanExplainNetworkError(err error) (string, bool) {
 		return "Connection reset by peer. Run \"curl -v a.b.c.d\" on the Teleport " +
 			"agent to verify the target application (or a load balancer in the " +
 			"network path) is not abruptly closing the connection after accepting it.", true
-	// I/O timeouts can be reproduced by creating a server with a customer
-	// listener that will time.Sleep after Accept(). The raw error typically
-	// looks like the following:
-	//
-	// dial tcp 127.0.0.1:8000: i/o timeout
-	case errors.As(err, &oerr) && oerr.Timeout():
-		return fmt.Sprintf("Network I/O timeout. Run \"nc -vz a.b.c.d\" on the "+
-			"Teleport agent to verify the target application is accepting network "+
-			"connections in under %v.", defaults.DefaultDialTimeout), true
 	// Slow responses can be reprodued by creating a HTTP server that does a
 	// time.Sleep before responding. The raw error typically looks like the following:
 	//
 	// context deadline exceeded
 	case errors.Is(err, context.DeadlineExceeded):
-		return fmt.Sprintf("Timeout waiting for response. Run \"curl -v a.b.c.d\" on the "+
-			"Teleport agent to verify the target application is responding to "+
-			"requests in under %v.", defaults.DefaultIOTimeout), true
+		return "Timeout waiting for response. Run \"curl -v a.b.c.d\" on the " +
+			"Teleport agent to verify the target application is not under excessive load.", true
 	// No such host errors can be reproduced by attempting to resolve a invalid
 	// domain name. The raw error typically looks like the following:
 	//