diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-12-07 12:53:54 +0000 |
commit | f7e676abdc799fcee5138807447b5e91ab05508f (patch) | |
tree | 8ae74c9bf26c3ffde8acd9330787ab2b80902bb0 /doc/s6-taiclockd.html | |
parent | 0de4e6e0703f47be954f4cfa37648dd58665c819 (diff) | |
download | s6-networking-f7e676abdc799fcee5138807447b5e91ab05508f.tar.xz |
Change -K semantics: timeout *during handshake*, not afterwards
- the TLS tunnel itself should be transparent so it has no business
shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where
EOF doesn't get transmitted from the network, and the engine is in
the handshake, and it can't do anything but wait forever. A timeout
is useful here: dawg, your peer is never going to send any more data,
you should just give up.
- if the situation happens after the handshake, the *app* should
have a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it
a timeout. Too bad, use bearssl.
Diffstat (limited to 'doc/s6-taiclockd.html')
0 files changed, 0 insertions, 0 deletions