IIRC latest asyncio uses BIO (not socket wrapper) for SSL processing, so it does never block.
On Sun, Feb 28, 2016 at 9:50 PM, Guido van Rossum <[email protected]> wrote: > It looks like asyncio is much more sophisticated, but you should > probably ask Antoine. > > On Sun, Feb 28, 2016 at 12:54 PM, Victor Stinner > <[email protected]> wrote: >> Hi, >> >> I got this email from the eventlet mailing list. Does asyncio have a >> similar issue? >> >> Victor >> >> >> ---------- Forwarded message ---------- >> From: Sergey Shepelev <[email protected]> >> Date: 2016-02-28 21:25 GMT+01:00 >> Subject: [Eventletdev] important security fix test required >> To: eventletdev <[email protected]> >> >> >> Hello. >> >> TL;DR: if you use SSL and Eventlet in one program, please run this >> version, DoS attack fixed. If there are no regressions, it will be >> released shortly. >> >> Details: most likely you had a server with similar loop: >> >> while True: >> conn, _ = server_sock.accept() >> spawn(process, conn) >> >> Which is fine, but if server socket already was SSL wrapped, then by >> default accept() tries to perform SSL handshake before returning the >> connection. But handshake is a blocking operation so malicious client >> could just connect and not start handshake and thus block server >> before next accept(). >> >> -- >> Sergey Shepelev >> Skype: sergey.shepelev >> +79996126031 >> http://temoto.ru/ >> >> _______________________________________________ >> Click here to unsubscribe or manage your list subscription: >> https://lists.secondlife.com/cgi-bin/mailman/listinfo/eventletdev > > > > -- > --Guido van Rossum (python.org/~guido) -- Thanks, Andrew Svetlov
