diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
index 4a327471..40c9a423 100755
--- a/src/cryptojwt/key_bundle.py
+++ b/src/cryptojwt/key_bundle.py
@@ -35,6 +35,7 @@
 KEYLOADERR = "Failed to load %s key from '%s' (%s)"
 REMOTE_FAILED = "Remote key update from '{}' failed, HTTP status {}"
 MALFORMED = "Remote key update from {} failed, malformed JWKS."
+DEFAULT_HTTPC_TIMEOUT = 10
 
 LOGGER = logging.getLogger(__name__)
 
@@ -254,6 +255,8 @@ def __init__(
             self.httpc = requests.request
 
         self.httpc_params = httpc_params or {}
+        if "timeout" not in self.httpc_params:
+            self.httpc_params["timeout"] = DEFAULT_HTTPC_TIMEOUT
 
         if keys:
             self.source = None
diff --git a/src/cryptojwt/key_issuer.py b/src/cryptojwt/key_issuer.py
index 2b3b4b53..b2da06af 100755
--- a/src/cryptojwt/key_issuer.py
+++ b/src/cryptojwt/key_issuer.py
@@ -8,6 +8,7 @@
 
 from .jwe.utils import alg2keytype as jwe_alg2keytype
 from .jws.utils import alg2keytype as jws_alg2keytype
+from .key_bundle import DEFAULT_HTTPC_TIMEOUT
 from .key_bundle import KeyBundle
 from .key_bundle import build_key_bundle
 from .key_bundle import key_diff
@@ -58,6 +59,8 @@ def __init__(
         self.ca_certs = ca_certs
         self.httpc = httpc or request
         self.httpc_params = httpc_params or {}
+        if "timeout" not in self.httpc_params:
+            self.httpc_params["timeout"] = DEFAULT_HTTPC_TIMEOUT
         self.keybundle_cls = keybundle_cls
         self.name = name
         self.remove_after = remove_after
diff --git a/src/cryptojwt/key_jar.py b/src/cryptojwt/key_jar.py
index 2d6f7f96..67f259f9 100755
--- a/src/cryptojwt/key_jar.py
+++ b/src/cryptojwt/key_jar.py
@@ -8,6 +8,7 @@
 from .exception import IssuerNotFound
 from .jwe.jwe import alg2keytype as jwe_alg2keytype
 from .jws.utils import alg2keytype as jws_alg2keytype
+from .key_bundle import DEFAULT_HTTPC_TIMEOUT
 from .key_bundle import KeyBundle
 from .key_issuer import KeyIssuer
 from .key_issuer import build_keyissuer
@@ -51,6 +52,9 @@ def __init__(
         self.remove_after = remove_after
         self.httpc = httpc or request
         self.httpc_params = httpc_params or {}
+        if "timeout" not in self.httpc_params:
+            self.httpc_params["timeout"] = DEFAULT_HTTPC_TIMEOUT
+
         # Now part of httpc_params
         # self.verify_ssl = verify_ssl
         if not self.httpc_params:  # backward compatibility
diff --git a/tests/test_04_key_issuer.py b/tests/test_04_key_issuer.py
index 7a4ca372..54d7b0dd 100755
--- a/tests/test_04_key_issuer.py
+++ b/tests/test_04_key_issuer.py
@@ -774,7 +774,7 @@ def test_localhost_url():
 
     kb = issuer.find(url)
     assert len(kb) == 1
-    assert kb[0].httpc_params == {"verify": False}
+    assert kb[0].httpc_params == {"timeout": 10, "verify": False}
 
 
 def test_add_url():