[ https://issues.apache.org/jira/browse/MESOS-10012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joseph Wu deleted MESOS-10012:
------------------------------

> Implement SSL socket downgrading on the native Windows SSL socket.
> ------------------------------------------------------------------
>
>                 Key: MESOS-10012
>                 URL: https://issues.apache.org/jira/browse/MESOS-10012
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Joseph Wu
>            Assignee: Joseph Wu
>            Priority: Minor
>              Labels: foundations
>
> The logic needed to determine whether a connection is SSL or not is already
> established in the libevent SSL socket:
> {code}
>   // Based on the function 'ssl23_get_client_hello' in openssl, we
>   // test whether to dispatch to the SSL or non-SSL based accept based
>   // on the following rules:
>   //   1. If there are fewer than 3 bytes: non-SSL.
>   //   2. If the 1st bit of the 1st byte is set AND the 3rd byte is
>   //      equal to SSL2_MT_CLIENT_HELLO: SSL.
>   //   3. If the 1st byte is equal to SSL3_RT_HANDSHAKE AND the 2nd
>   //      byte is equal to SSL3_VERSION_MAJOR and the 6th byte is
>   //      equal to SSL3_MT_CLIENT_HELLO: SSL.
>   //   4. Otherwise: non-SSL.
>   // For an ascii based protocol to falsely get dispatched to SSL it
>   // needs to:
>   //   1. Start with an invalid ascii character (0x80).
>   //   2. OR have the first 2 characters be a SYN followed by ETX, and
>   //      then the 6th character be SOH.
>   // These conditions clearly do not constitute valid HTTP requests,
>   // and are unlikely to collide with other existing protocols.
>   bool ssl = false; // Default to rule 4.
>   if (size < 2) { // Rule 1.
>     ssl = false;
>   } else if ((data[0] & 0x80) && data[2] == SSL2_MT_CLIENT_HELLO) { // Rule 2.
>     ssl = true;
>   } else if (data[0] == SSL3_RT_HANDSHAKE &&
>              data[1] == SSL3_VERSION_MAJOR &&
>              data[5] == SSL3_MT_CLIENT_HELLO) { // Rule 3.
>     ssl = true;
>   }
> {code}
> This only requires us to peek at the first 6 bytes of data. One possible
> complication is that Overlapped sockets do not support peeking.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
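
An added example (not code from Mesos or from this issue): a C++ classifier that applies the four rules quoted above with a length check before each index, plus a POSIX `MSG_PEEK` round trip over a `socketpair` showing that the peeked bytes stay queued for whichever accept path is chosen. The function names and sample byte strings are constructed for illustration; the constant values are the ones OpenSSL's headers define.

```cpp
// Added example, not Mesos code; constants mirror OpenSSL header values.
#include <sys/socket.h>
#include <unistd.h>
#include <cstddef>
#include <cstdio>
#include <cstring>

constexpr unsigned char kSsl2MtClientHello = 1;  // SSL2_MT_CLIENT_HELLO
constexpr unsigned char kSsl3RtHandshake = 22;   // SSL3_RT_HANDSHAKE (ASCII SYN)
constexpr unsigned char kSsl3VersionMajor = 3;   // SSL3_VERSION_MAJOR (ASCII ETX)
constexpr unsigned char kSsl3MtClientHello = 1;  // SSL3_MT_CLIENT_HELLO (ASCII SOH)

// Rules 1-4 from the quoted comment; never indexes at or past `size`.
bool looks_like_ssl(const unsigned char* data, size_t size) {
  if (size < 3) return false;  // Rule 1.
  if ((data[0] & 0x80) && data[2] == kSsl2MtClientHello) return true;  // Rule 2.
  if (size >= 6 && data[0] == kSsl3RtHandshake &&
      data[1] == kSsl3VersionMajor && data[5] == kSsl3MtClientHello)
    return true;  // Rule 3.
  return false;   // Rule 4.
}

// Sends `msg` through a socketpair, peeks up to 6 bytes, classifies them, then
// reads normally. Returns 1 (SSL), 0 (non-SSL), -1 on error or if peek consumed data.
int peek_and_classify(const unsigned char* msg, size_t len) {
  int fds[2];
  if (len == 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0) return -1;
  int result = -1;
  unsigned char peeked[6], again[6];
  if (send(fds[0], msg, len, 0) == (ssize_t)len) {
    ssize_t n = recv(fds[1], peeked, sizeof(peeked), MSG_PEEK);
    ssize_t m = (n > 0) ? recv(fds[1], again, sizeof(again), 0) : -1;
    if (n > 0 && m == n && std::memcmp(peeked, again, (size_t)n) == 0)
      result = looks_like_ssl(peeked, (size_t)n) ? 1 : 0;
  }
  close(fds[0]);
  close(fds[1]);
  return result;
}

// Constructed samples: a TLS record header plus handshake type, and an HTTP request.
const unsigned char kTlsHello[] = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00};
const unsigned char kHttpGet[] = "GET / HTTP/1.1\r\n";

int main() {
  std::printf("tls:  %d\n", peek_and_classify(kTlsHello, sizeof(kTlsHello)));
  std::printf("http: %d\n", peek_and_classify(kHttpGet, sizeof(kHttpGet) - 1));
  return 0;
}
```
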