On Fri, Feb 17, 2023 at 03:13:14PM -0800, Andy Lutomirski wrote:
>
> I can certainly imagine TLS or similar protocols breaking if data
> changes if the implementation is too clever and retransmission
> happens. Suppose 2000 bytes are sent via splice using in-kernel TLS,
> and it goes out on the wire as two TCP segments. The first segment is
> dropped but the second is received. The kernel resends the first
> segment using different data. This really ought to cause an integrity
> check at the far end to fail.

The TLS layer is completely separate from TCP, so it's like any normal
TCP user from user-space. IOW the encrypted data will be held by TCP
until acknowledged, so during retransmission it will simply resend the
previously encrypted data rather than encrypting the same data twice.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
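As an added illustration, not part of the thread or of the kernel code: a toy Python model of the two behaviours discussed above. A record is encrypted once and TCP retains the ciphertext segments, so a retransmitted segment carries the same bytes even if user space has since overwritten the spliced page; the hypothetical "re-encrypt on retransmit" stack is modelled beside it. The SHA-256 counter-mode keystream and HMAC tag are constructed stand-ins for the TLS record layer, and all keys and data are constructed sample values.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real TLS key
TAG_LEN = 32


def _keystream(seq: int, n: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode, keyed by record sequence number.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(KEY + seq.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(seq: int, plaintext: bytes) -> bytes:
    """Encrypt one record and append an integrity tag over seq || ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(seq, len(plaintext))))
    tag = hmac.new(KEY, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def open_record(seq: int, record: bytes):
    """Verify the tag and decrypt; return None when the integrity check fails."""
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expect = hmac.new(KEY, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(seq, len(ct))))


def deliver(page: bytes, mss: int, modify_after_send: bool, retain_ciphertext: bool):
    """Simulate: record sealed, split into TCP segments, first segment lost, then resent.

    retain_ciphertext=True models kTLS over TCP (the retained ciphertext is resent);
    False models the hypothetical stack that re-encrypts from the (possibly changed) page.
    Returns what the receiver decrypts, or None if its integrity check fails.
    """
    seq = 0
    page = bytearray(page)
    record = seal(seq, bytes(page))
    segs = [record[i:i + mss] for i in range(0, len(record), mss)]
    received = {i: s for i, s in enumerate(segs) if i != 0}  # segment 0 dropped on the wire
    if modify_after_send:
        page[:4] = b"XXXX"  # user space overwrites the spliced page before the retransmit
    if retain_ciphertext:
        received[0] = segs[0]  # TCP resends the ciphertext it already holds
    else:
        received[0] = seal(seq, bytes(page))[:mss]  # re-encrypts new data under the same seq
    wire = b"".join(received[i] for i in sorted(received))
    return open_record(seq, wire)
```

With the page unchanged both models deliver the plaintext; once the page is overwritten, only the retained-ciphertext model still verifies, and the receiver gets the data as it stood when it was encrypted.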