叛徒率限制 [英] renegotiate_rate_limit
问题描述
有人知道在哪里以及如何设置此限制吗?这与SSL/TLS连接有关.
Does anyone know where and how to set this limit? This is regarding SSL/ TLS connections.
推荐答案
如果您使用的是OpenSSL,并且希望在一定数量的字节后进行重新协商,则可以使用BIO_set_ssl_renegotiate_bytes
.如果您希望它在一定时间间隔后发生,则可以使用BIO_set_ssl_renegotiate_timeout
.
If you are using OpenSSL and you want a renegotiation to happen after a certain number of bytes, you can use BIO_set_ssl_renegotiate_bytes
. If you want it to happen after a certain interval of time has elapsed, you can use BIO_set_ssl_renegotiate_timeout
.
相反,如果您想设置允许重新协商的频率上限,我认为OpenSSL对此没有明确的支持.相反,您可以向BIO_set_info_callback
注册一个信息回调,然后等待SSL_ST_RENEGOTIATE
通知.如果您观察到它们的频率大于想要的速率,请采取一些措施(例如,关闭连接).
If, instead, you want to set an upper limit on how often renegotiation is allowed, I don't think OpenSSL has explicit support for that. Instead, you might register an info callback with BIO_set_info_callback
and then wait for SSL_ST_RENEGOTIATE
notifications. If you observe them at a rate greater than you want, take some action (eg close the connection).
这篇关于叛徒率限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!