Re: Receive throttling on SSL sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Okay that's a good theoretical answer but practically not very useful.

I know for instance Node.js to implement their Streams interface with both TCP and SSL sockets. They both have pause / resume functions for receive-throttling and I've tested it with SSL and it seems to work somehow.

One solution (I guess?) would be to stop polling for readable until SSL_write demands data then immediately stop polling for readable again once SSL_write is happy. In the case of getting unwanted data while throttling then SSL_peek can be used instead of SSL_read. That would not guarantee no buildup but would work for the most part, right?

Do you see any flaw with this? Could it still fail due to mass buildup when throttling for long?

Den lör 19 maj 2018 04:57Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> skrev:

TLS is a bidirectional protocol.  You can’t throttle only one side.

 

From: Alex H <alexhultman@xxxxxxxxx>
Reply-To: openssl-users <openssl-users@xxxxxxxxxxx>
Date: Friday, May 18, 2018 at 7:21 PM
To: openssl-users <openssl-users@xxxxxxxxxxx>
Subject: Receive throttling on SSL sockets

 

How do you properly implement receive throttling on SSL sockets without hindering writing?

 

As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply by stop polling for readable events on the underlying raw TCP socket. SSL_write still could require reading of data so simply stop polling for readable would potentially hinder writing of data which is not okay.

 

Is there any such receive-throttling functionality in the SSL protocol itself? I don't see how SSL_peek would solve the issue since I would still be buffering (potentially uncontrolled amount of) data in a BIO.

 

Even if I would _only_ enable readable polling when _absolutely needed_ as per SSL_write error, I still cannot guarantee not reading a chunk of data (which I would then need to buffer up in a BIO since the application is not expecting it).

 

How are we supposed to solve this issue without potentially building up backpressure?

 

Thanks

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux