On Fri, Nov 3, 2017 at 3:32 AM, Matt Caswell <m...@openssl.org> wrote:
> Just skimming this old thread...doesn't this fail in the case where the
> five tuple has been reused? In that case five_tuples.lookup will return
> an old stale connection which the server thinks is still valid so we
> never get to lookup the connection id. With an explicit marking we would
> not fail in this scenario.

I'm assuming that once a connection is closed (or moved), the entry is
removed.  There's some fudging needed there for migrations (it might
be in two places at once for a while), but I don't see a significant
problem.  (Note that I didn't include the update parts of this code -
when a packet decrypts successfully, you need to update the
five_tuples list.)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
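An added example, not code from this thread or from any DTLS implementation: a small model of the bookkeeping discussed above, showing a record arriving on a reused five-tuple with and without removal of the closed connection's entry. Only the name `five_tuples` comes from the thread; `Conn`, `Demux`, `conn_ids`, `remove_on_close` and the sample addresses are hypothetical, an HMAC tag stands in for record decryption, the connection id is passed in already parsed, and the migration overlap window is left out.

```python
import hashlib, hmac

class Conn:
    def __init__(self, cid, key):
        self.cid, self.key, self.tuple = cid, key, None

    def seal(self, body):          # peer side: tag a record (stand-in for AEAD)
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def opens(self, body, tag):    # server side: "decrypts successfully"
        return hmac.compare_digest(self.seal(body), tag)

class Demux:
    def __init__(self, remove_on_close=True):
        self.five_tuples, self.conn_ids = {}, {}   # tuple -> Conn, id -> Conn
        self.remove_on_close = remove_on_close

    def bind(self, conn, five_tuple):
        # Update step: move the connection to the tuple it was last seen on.
        if self.five_tuples.get(conn.tuple) is conn:
            del self.five_tuples[conn.tuple]
        self.five_tuples[five_tuple] = conn
        self.conn_ids[conn.cid] = conn
        conn.tuple = five_tuple

    def close(self, conn):
        self.conn_ids.pop(conn.cid, None)
        if self.remove_on_close and self.five_tuples.get(conn.tuple) is conn:
            del self.five_tuples[conn.tuple]

    def receive(self, five_tuple, cid, body, tag):
        conn = self.five_tuples.get(five_tuple)
        if conn is None:                     # only a miss reaches the id lookup
            conn = self.conn_ids.get(cid)
        if conn is None or not conn.opens(body, tag):
            return None                      # unknown or unauthenticated: drop
        if conn.tuple != five_tuple:
            self.bind(conn, five_tuple)      # update only after authentication
        return conn

def reuse_after_close(remove_on_close):
    """Constructed scenario: conn a closes, conn b then sends from a's old tuple."""
    d = Demux(remove_on_close)
    t1 = ("198.51.100.7", 4000, "203.0.113.1", 4433, "udp")
    t2 = ("198.51.100.7", 4001, "203.0.113.1", 4433, "udp")
    a, b = Conn(b"A", b"key-a"), Conn(b"B", b"key-b")
    d.bind(a, t1); d.bind(b, t2)
    d.close(a)
    got = d.receive(t1, b"B", b"hello", b.seal(b"hello"))
    return got is b and d.five_tuples.get(t1) is b
```

`reuse_after_close(True)` delivers the record to the new connection and rebinds the tuple; `reuse_after_close(False)` leaves the stale entry in place, so the record is checked against the closed connection's key and dropped.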
