SSL in Erlang/OTP

Bengt Kleberg Bengt.Kleberg@REDACTED
Fri Nov 21 07:44:40 CET 2003


Alexey Shchepin wrote:
> Hello, Peter!
> 
> On Wed, 19 Nov 2003 20:37:35 +0100 (MET), you said:
...deleted
> 
>  PH> In Erlang/OTP SSL you can have several processes, each waiting for an
>  PH> ssl:accept/N on one and the same port. That is needed to obtain
>  PH> acceptable (no pun intended) parallelism.
> 
> I.e. I need to run several such processes?:
> 
> accept(ListenSocket, Opts) ->
>     case ssl:accept(ListenSocket) of
>         {ok, Socket} ->
>             % Start new process for Socket
>             accept(ListenSocket, Opts);
>         {error, Reason} -> ...
>     end.
> 
> But even if I run e.g. 1000 such parallel accepts, a malicious user can still
> open 1000 connections in the way I describe above (with ssl:accept locking),
> which will make the service inaccessible for other users.
> 
> So IMHO ssl:accept should return immediately after the TCP connection to the
> listening port is established, with the new socket in a "handshaking" state.
> In this state it must be possible to know the sockname (e.g. to prevent many
> connections from one host), and data sent with ssl:send will be written to a
> queue, which will be

...deleted

It is not enough to stop many connections from one host. Think DDoS
(distributed denial of service).


bengt
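
The behaviour asked for in the quoted message, as an added example that is not part of the original thread: it assumes Erlang/OTP 21 or later (newer than the release discussed here), where `ssl:transport_accept/2` returns once the TCP connection exists and `ssl:handshake/2` runs separately with a timeout. The module name, the timeout and the cap are hypothetical values; the cap is global rather than per host, because counting per source address does not bound distributed sources.

```erlang
%% Added example (not from the thread). Assumes OTP 21+.
-module(tls_acceptor).
-export([start/3]).

-define(HANDSHAKE_TIMEOUT, 5000). % ms, assumed value
-define(MAX_HANDSHAKES, 200).     % assumed cap on unfinished handshakes

%% TlsOpts carries the caller's certfile/keyfile options; Handler is a
%% fun/1 called with each socket that completed its handshake.
start(Port, TlsOpts, Handler) ->
    {ok, Listen} = ssl:listen(Port, [{active, false}, {reuseaddr, true} | TlsOpts]),
    spawn_link(fun() -> accept_loop(Listen, Handler, 0) end).

%% At the cap: stop accepting until some handshake finishes or times out.
accept_loop(Listen, Handler, InFlight) when InFlight >= ?MAX_HANDSHAKES ->
    receive hs_done -> accept_loop(Listen, Handler, InFlight - 1) end;
accept_loop(Listen, Handler, InFlight) ->
    receive
        hs_done -> accept_loop(Listen, Handler, InFlight - 1)
    after 0 ->
        %% transport_accept only completes the TCP accept; no TLS yet,
        %% so a silent client cannot block this process.
        case ssl:transport_accept(Listen, 1000) of
            {ok, Sock} ->
                Acceptor = self(),
                Pid = spawn(fun() -> handshake(Acceptor, Sock, Handler) end),
                case ssl:controlling_process(Sock, Pid) of
                    ok ->
                        Pid ! go,
                        accept_loop(Listen, Handler, InFlight + 1);
                    {error, _} ->
                        exit(Pid, kill),
                        _ = ssl:close(Sock),
                        accept_loop(Listen, Handler, InFlight)
                end;
            {error, timeout} -> accept_loop(Listen, Handler, InFlight);
            {error, Reason} -> exit({accept_failed, Reason})
        end
    end.

%% Runs in its own process; the handshake is bounded by the timeout.
handshake(Acceptor, Sock, Handler) ->
    receive go -> ok end,
    Result = ssl:handshake(Sock, ?HANDSHAKE_TIMEOUT),
    Acceptor ! hs_done,
    case Result of
        {ok, TlsSock} -> Handler(TlsSock);
        {error, _Reason} -> _ = ssl:close(Sock), ok
    end.
```

The timeout bounds how long a stalled handshake can hold one of the slots; it limits the resources each connection can pin and does not by itself keep the service reachable under a large distributed flood.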



