On Thu, Nov 30, 2000 at 02:09:28PM -0800, Sudeep Sudhakaran wrote:
> I am sorry for the lack of expertise. The basic reason I want to use
> SSL is to prevent unauthorised clients from connecting to the server
> and for secured communication. So if some non-ssl client connects to
> my server, I don't want my server to hang.
That's what I meant by DOS (denial of service) attack: a hostile
client could connect, not send the expected bytes, and block your server.
This isn't an SSL specific problem, it's a problem with any server program
that expects a certain amount of client input. A complete well-behaved
server will take steps to deal with a client that connects to it and
does not send the expected input, or at the least not be blocked by it.
The Unix way is to fork off a child for each connection and set an alarm.
I believe that the Windows analogue is to use threads. The appropriate place
to deal with this is in the server, not OpenSSL.
>
> --
> Sudeep Sudhakaran
> [EMAIL PROTECTED] - email
> (212) 894-3704 x3120 - voicemail/fax
>
>
>
> ---- Eric Murray <[EMAIL PROTECTED]> wrote:
> > On Thu, Nov 30, 2000 at 01:01:16PM -0800, Sudeep Sudhakaran wrote:
> > > Basically I am working on the Modified WSock sample from msdn for
> > > providing ssl support to my communication. Things work fine when I
> > > connect from the right ssl client.
> > >
> > > If I connect from a Non-ssl client SSL_Accept function doesn't return.
> > > It waits infinitely blocking my other operation because the Non-ssl
> > > client never initiated a ssl-handshake. How do I overcome this problem?
> >
> > Either don't connect from a non-SSL client, or connect and negotiate
> > when to start SSL. The former is preferred.
> >
> > If it's a DOS attack that worries you, then do it in threads so
> > your main program isn't blocked.
> >
> > This topic belongs on the openssl-users list, not openssl-dev.
> >
> >
> > --
> > Eric Murray Consulting Security Architect SecureDesign LLC
> > http://www.securedesignllc.com PGP keyid:E03F65E5
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
--
Eric Murray Consulting Security Architect SecureDesign LLC
http://www.securedesignllc.com PGP keyid:E03F65E5
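
The fork-and-alarm approach described in the reply above, as an added example that is not part of the original message or of OpenSSL. The names `spawn_handler`, `reap_handler` and `read_hello_header` are hypothetical, and a blocking read of the 5-byte SSLv3/TLS record header stands in for the point where a real server would call `SSL_accept()`.

```c
/* Added example (not from the thread): one child per connection + alarm(). */
#include <signal.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { HANDSHAKE_OK = 0, HANDSHAKE_TIMEOUT = 1, HANDSHAKE_BAD = 2 };

/* Child: blocking read of the 5-byte record header an SSLv3/TLS client sends
 * first. Assumption: this stands in for SSL_accept(), which blocks the same
 * way when the peer never starts a handshake. */
static int read_hello_header(int fd)
{
    unsigned char hdr[5];
    size_t got = 0;
    while (got < sizeof hdr) {
        ssize_t n = read(fd, hdr + got, sizeof hdr - got);
        if (n <= 0)
            return HANDSHAKE_BAD;            /* peer closed or read error */
        got += (size_t)n;
    }
    /* 0x16 = handshake record, 0x03 = SSLv3/TLS major version */
    return (hdr[0] == 0x16 && hdr[1] == 0x03) ? HANDSHAKE_OK : HANDSHAKE_BAD;
}

/* Parent: hand the connection to a child and return without waiting, so the
 * accept loop is never blocked by one client. */
pid_t spawn_handler(int conn_fd, unsigned deadline_secs)
{
    pid_t pid = fork();
    if (pid == 0) {
        signal(SIGALRM, SIG_DFL);            /* default action: terminate */
        alarm(deadline_secs);                /* kernel ends a stalled child */
        _exit(read_hello_header(conn_fd));
    }
    return pid;                              /* -1 if fork() failed */
}

/* Collect a child's result; a server would do this from a SIGCHLD handler. */
int reap_handler(pid_t pid)
{
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGALRM)
        return HANDSHAKE_TIMEOUT;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The parent should close its own copy of `conn_fd` after `spawn_handler()` returns, otherwise descriptors accumulate in the accept loop.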