叛徒率限制 [英] renegotiate_rate_limit

问题描述

有人知道在哪里以及如何设置此限制吗?这与SSL/TLS连接有关.

Does anyone know where and how to set this limit? This is regarding SSL/ TLS connections.

推荐答案

如果您使用的是OpenSSL，并且希望在一定数量的字节后进行重新协商，则可以使用BIO_set_ssl_renegotiate_bytes.如果您希望它在一定时间间隔后发生，则可以使用BIO_set_ssl_renegotiate_timeout.

If you are using OpenSSL and you want a renegotiation to happen after a certain number of bytes, you can use BIO_set_ssl_renegotiate_bytes. If you want it to happen after a certain interval of time has elapsed, you can use BIO_set_ssl_renegotiate_timeout.

相反，如果您想设置允许重新协商的频率上限，我认为OpenSSL对此没有明确的支持.相反，您可以向BIO_set_info_callback注册一个信息回调，然后等待SSL_ST_RENEGOTIATE通知.如果您观察到它们的频率大于想要的速率，请采取一些措施(例如，关闭连接).

If, instead, you want to set an upper limit on how often renegotiation is allowed, I don't think OpenSSL has explicit support for that. Instead, you might register an info callback with BIO_set_info_callback and then wait for SSL_ST_RENEGOTIATE notifications. If you observe them at a rate greater than you want, take some action (eg close the connection).

这篇关于叛徒率限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！