It looks like asyncio is much more sophisticated, but you should probably ask Antoine.
On Sun, Feb 28, 2016 at 12:54 PM, Victor Stinner <victor.stin...@gmail.com> wrote: > Hi, > > I got this email from the eventlet mailing list. Does asyncio have a > similar issue? > > Victor > > > ---------- Forwarded message ---------- > From: Sergey Shepelev <temo...@gmail.com> > Date: 2016-02-28 21:25 GMT+01:00 > Subject: [Eventletdev] important security fix test required > To: eventletdev <eventlet...@lists.secondlife.com> > > > Hello. > > TL;DR: if you use SSL and Eventlet in one program, please run this > version, DoS attack fixed. If there are no regressions, it will be > released shortly. > > Details: most likely you had a server with similar loop: > > while True: > conn, _ = server_sock.accept() > spawn(process, conn) > > Which is fine, but if server socket already was SSL wrapped, then by > default accept() tries to perform SSL handshake before returning the > connection. But handshake is a blocking operation so malicious client > could just connect and not start handshake and thus block server > before next accept(). > > -- > Sergey Shepelev > Skype: sergey.shepelev > +79996126031 > http://temoto.ru/ > > _______________________________________________ > Click here to unsubscribe or manage your list subscription: > https://lists.secondlife.com/cgi-bin/mailman/listinfo/eventletdev -- --Guido van Rossum (python.org/~guido)
