From f7e676abdc799fcee5138807447b5e91ab05508f Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Mon, 7 Dec 2020 12:53:54 +0000
Subject: Change -K semantics: timeout *during handshake*, not afterwards

- the TLS tunnel itself should be transparent so it has no business
  shutting down the connection no matter how long the app takes
- there's still an undetectable situation on some kernels where EOF
  doesn't get transmitted from the network, and the engine is in the
  handshake, and it can't do anything but wait forever. A timeout is
  useful here: dawg, your peer is never going to send any more data,
  you should just give up.
- if the situation happens after the handshake, the *app* should have
  a timeout and die. The tunnel will follow suit.
- libtls has a blocking tls_handshake() blackbox, we cannot give it a
  timeout. Too bad, use bearssl.
---
 doc/s6-tlsc-io.html | 10 ++++++----
 doc/s6-tlsc.html    | 10 ++++++----
 doc/s6-tlsd-io.html | 10 ++++++----
 doc/s6-tlsd.html    | 10 ++++++----
 4 files changed, 24 insertions(+), 16 deletions(-)

(limited to 'doc')

diff --git a/doc/s6-tlsc-io.html b/doc/s6-tlsc-io.html
index 2f02841..d4c1b7e 100644
--- a/doc/s6-tlsc-io.html
+++ b/doc/s6-tlsc-io.html
@@ -195,10 +195,12 @@ connection without using close_notify. This is the default.
  • -k servername : use Server Name Indication, and send servername. The default is not to use SNI, which may be a security risk.
  • -
  • -K kimeout : close the connection -if kimeout milliseconds elapse without any data being -received from either side. The default is 0, which means -infinite timeout (never kill the connection).
  • +
  • -K kimeout : if the peer fails +to send data for kimeout milliseconds during the handshake, +close the connection. The default is 0, which means infinite timeout +(never kill the connection). This option is ignored by the +libtls backend, which does not have a way to interrupt +the handshake after a timeout.
  • -d notif : handshake notification. notif must be a file descriptor open for writing. When the TLS handshake has completed, some data (terminated by two null diff --git a/doc/s6-tlsc.html b/doc/s6-tlsc.html index c2e7521..5ff3431 100644 --- a/doc/s6-tlsc.html +++ b/doc/s6-tlsc.html @@ -121,10 +121,12 @@ connection without using close_notify. This is the default.
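Review bot: the new -K text in this s6-tlsc-io hunk removes the old post-handshake idle timeout ("without any data being received from either side") but does not tell readers where that timeout now belongs. An operator who relied on -K to reap idle established connections will find them living forever after this change, and nothing in the paragraph flags it. Suggest adding, after "(never kill the connection)", a sentence stating that once the handshake has completed the tunnel never times out on its own, and that an application needing an idle timeout must implement it and exit, at which point the tunnel follows.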
  • -k servername : use Server Name Indication, and send servername. The default is not to use SNI, which may be a security risk.
  • -
  • -K kimeout : close the connection -if kimeout milliseconds elapse without any data being -received from either side. The default is 0, which means -infinite timeout (never kill the connection).
  • +
  • -K kimeout : if the peer fails +to send data for kimeout milliseconds during the handshake, +close the connection. The default is 0, which means infinite timeout +(never kill the connection). This option is ignored by the +libtls backend, which does not have a way to interrupt +the handshake after a timeout.
  • -6 fdr : expect an open file descriptor numbered fdr to read network (ciphertext) data from. Make sure prog also reads its data diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html index 6aad7dc..00f7cd4 100644 --- a/doc/s6-tlsd-io.html +++ b/doc/s6-tlsd-io.html @@ -190,10 +190,12 @@ and break the connection when receiving a local EOF.
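Review bot: "This option is ignored by the libtls backend" in this s6-tlsc hunk leaves open whether -K is accepted and silently does nothing, or is rejected at startup. Silent acceptance means a deployment built against libtls runs with no handshake timeout while the command line looks correct. Suggest stating explicitly that the value is accepted and discarded (or that a warning is emitted, if one is), so operators know to check which backend their binary was built with before relying on -K.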
  • connection without using close_notify. This is the default.
  • -Y : Do not send a client certificate. This is the default.
  • -y : Send a client certificate.
  • -
  • -K kimeout : close the connection -if kimeout milliseconds elapse without any data being -received from either side. The default is 0, which means -infinite timeout (never kill the connection).
  • +
  • -K kimeout : if the peer fails +to send data for kimeout milliseconds during the handshake, +close the connection. The default is 0, which means infinite timeout +(never kill the connection). This option is ignored by the +libtls backend, which does not have a way to interrupt +the handshake after a timeout.
  • -d notif : handshake notification. notif must be a file descriptor open for writing. When the TLS handshake has completed, some data (terminated by two null diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html index beeedda..579c63c 100644 --- a/doc/s6-tlsd.html +++ b/doc/s6-tlsd.html @@ -129,10 +129,12 @@ connection without using close_notify. This is the default.
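Review bot: on the server side, the default of 0 documented in this s6-tlsd-io hunk means a remote client that connects and never sends its first handshake message, or stalls mid-handshake, holds the s6-tlsd-io process and its descriptors indefinitely, and the peer has not authenticated at that point. Suggest the doc recommend a finite value for any listener reachable from an untrusted network instead of presenting the infinite default neutrally; the commit message's own rationale ("your peer is never going to send any more data, you should just give up") applies most strongly here.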
  • -y : Require a mandatory client certificate. The default, with neither the -Y nor the -y option, is not to require a client certificate at all.
  • -
  • -K kimeout : close the connection -if kimeout milliseconds elapse without any data being -received from either side. The default is 0, which means -infinite timeout (never kill the connection).
  • +
  • -K kimeout : if the peer fails +to send data for kimeout milliseconds during the handshake, +close the connection. The default is 0, which means infinite timeout +(never kill the connection). This option is ignored by the +libtls backend, which does not have a way to interrupt +the handshake after a timeout.
  • Notes
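Review bot: "fails to send data for kimeout milliseconds during the handshake" in this s6-tlsd hunk reads as an idle timer that is reset on every byte received, not a bound on total handshake duration. If that is what the engine implements, a peer can keep the handshake open indefinitely by sending a byte just under every kimeout milliseconds, so the option does not bound how long an unauthenticated peer can occupy the server. Suggest the doc state which of the two it is, and if it is the idle variant, say so in those words so operators do not read it as an overall handshake deadline.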
