Urjit Gokhale wrote:
> I believe you are confusing tcp/ip connection establishment and SSL session
> establishment.
>

... and you should also remember that a reliable transport is a prerequisite for tls.

> The problem may occur when:
> 1) Server is waiting for first SSL handshake packet in SSL_accept
> 2) Client attempts to establish SSL handshake with SSL_connect
> 3) SSL_connect fails even before it could send the first SSL handshake
> packet. So the client has put nothing on the network.
> Now, SSL_connect has returned an error in the client, and the server is
> still blocked in SSL_accept.
>
>

I believe your problem may be the case when a TCP session is in place but an SSL session is not started (client problems or a malicious client trying to DoS you). A timeout may be what you are looking for. You could rely on TCP's timeout (if no data is sent & TCP_KEEPALIVE isn't selected, it should time out) or have your own application timer to keep server resources from being wasted by incomplete sessions.

-jb
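
The application timer suggested in the reply above, as an added example that is not part of the original thread. It uses Python's `ssl` module (a wrapper around OpenSSL) rather than the C API under discussion; the function names, the 1-second timeout and the loopback client are assumptions made for the demo.

```python
import socket
import ssl
import time

HANDSHAKE_TIMEOUT = 1.0  # seconds; constructed value, tune for real clients


def accept_with_handshake_timeout(listener, ctx, timeout):
    """Accept one TCP connection and give its TLS handshake a deadline.

    Returns the SSLSocket on success, or None when the peer fails to
    complete the handshake in time (connected over TCP, never spoke TLS).
    """
    conn, _addr = listener.accept()
    conn.settimeout(timeout)  # without this the handshake blocks indefinitely
    try:
        # wrap_socket() runs the server-side handshake (SSL_accept in OpenSSL).
        return ctx.wrap_socket(conn, server_side=True)
    except OSError:  # covers socket.timeout and ssl.SSLError
        conn.close()  # no-op if wrap_socket() already closed the descriptor
        return None


def demo_silent_client():
    """Constructed scenario: the client completes TCP connect, then sends nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # A real server calls ctx.load_cert_chain(...) here. It is skipped only
    # because no ClientHello ever arrives in this demo.
    listener = socket.create_server(("127.0.0.1", 0))
    client = socket.create_connection(listener.getsockname())  # TCP only
    start = time.monotonic()
    tls = accept_with_handshake_timeout(listener, ctx, HANDSHAKE_TIMEOUT)
    elapsed = time.monotonic() - start
    client.close()
    listener.close()
    return tls, elapsed


if __name__ == "__main__":
    tls, elapsed = demo_silent_client()
    print("handshake completed:", tls is not None, "after %.1fs" % elapsed)
```

In a server that handles many connections, the same deadline would be applied per accepted socket in a worker or event loop so one silent peer cannot stall the accept path.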