SSL_accept with blocking socket

Problem description

I made a server with SSL and blocking sockets. When I connect with telnet (so it does not do the handshake), the SSL_accept blocks indefinitely and blocks every new handshake/accept (and by definition new connections).

How can I solve this awful problem?

Recommended answer

Why not just set the socket stream to non-blocking mode before calling SSL_accept(), and then block on something like select() with a timeout if SSL_accept() returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE? Alternatively, you can block on select() before calling SSL_accept(). Either should work. That way you can at least bound the time the connection is blocked due to the DoS-like behavior/attack.

Bear in mind that SSL/TLS is record-oriented, meaning you must loop until the full record is read. SSL_pending() can help in such cases.
