Tim Regovich <[EMAIL PROTECTED]> writes:
> *always* operate in non blocking mode. The code may
> be slightly more complex but will *always* work
> better.

I don't agree with this. Getting non-blocking code correct with OpenSSL
is quite tricky. If you don't need non-blocking, there's no reason to do it.

> Given that statement, the problem is still relevant,
> since the connecting end could just stay open
> forever, eating up your sockets, so you have just
> pushed the timeout to a different section of code. I
> would recommend a different sort of timeout, since for
> slow connections you could have the handshake take a
> while. You would want to timeout on network
> inactivity, not handshake time.

Even this doesn't work very well since the attacker can just feed you
one byte at a time just inside your timeout interval....

-Ekr
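
Added example, not part of the original thread and not OpenSSL code: the two timeout policies discussed above, shown on a plain pipe instead of a TLS handshake. `read_bounded`, `spawn_trickle` and the `RD_*` codes are names invented for this illustration, and the absolute deadline (`total_ms`) is an assumed mitigation; the slow peer is a constructed local child process.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

enum { RD_IDLE = -1, RD_DEADLINE = -2, RD_ERROR = -3 };
static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* idle_ms (> 0) bounds the gap between bytes; total_ms bounds the whole read
 * (negative = off). Returns bytes read (short on EOF) or an RD_* code. */
long read_bounded(int fd, char *buf, long need, int idle_ms, int total_ms) {
    long got = 0, start = now_ms();
    while (got < need) {
        long left = total_ms < 0 ? idle_ms : total_ms - (now_ms() - start);
        if (left <= 0) return RD_DEADLINE;
        int wait = left < idle_ms ? (int)left : idle_ms;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, wait);
        if (r == 0) return wait < idle_ms ? RD_DEADLINE : RD_IDLE;
        ssize_t n = r > 0 ? read(fd, buf + got, (size_t)(need - got)) : -1;
        if (n < 0) { if (errno == EINTR) continue; return RD_ERROR; }
        if (n == 0) break;                      /* peer closed */
        got += n;
    }
    return got;
}

/* Constructed slow peer: a child process writes n bytes, one every gap_ms. */
int spawn_trickle(int n, int gap_ms) {
    int fds[2]; pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0) return -1;
    if (pid > 0) { close(fds[1]); return fds[0]; }   /* parent keeps read end */
    struct timespec gap = { gap_ms / 1000, (gap_ms % 1000) * 1000000L };
    close(fds[0]);
    while (n-- > 0 && nanosleep(&gap, NULL) == 0 && write(fds[1], "x", 1) == 1) {}
    _exit(0);
}

int main(void) {
    char buf[64];
    printf("%ld\n", read_bounded(spawn_trickle(40, 20), buf, 64, 500, -1));  /* idle timeout only */
    printf("%ld\n", read_bounded(spawn_trickle(40, 20), buf, 64, 500, 200)); /* plus 200 ms deadline */
}
```

With only the 500 ms inactivity timeout, the peer that sends a byte every 20 ms is served until it chooses to stop; the 200 ms overall deadline ends the read regardless of how the bytes are paced.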