[openssl-users] Receive throttling on SSL sockets

Michael Wojcik Michael.Wojcik at microfocus.com
Sat May 19 13:51:51 UTC 2018


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Salz, Rich via openssl-users
> Sent: Saturday, May 19, 2018 08:48
> To: Alex H; openssl-users at openssl.org
> Subject: Re: [openssl-users] Receive throttling on SSL sockets

> There are TLS control messages which could flow in either direction, spontaneously.  Renegotiation (pre TLS 1.3),
> tickets (TLS 1.3), and so on.

Right. And TCP is an ordered byte-stream protocol. That means to receive a control message from the peer, the local stack *must* have received everything transmitted prior to it. (Modulo SACK, but SACK'd data preceded by a gap is invisible to the application, so we should ignore it.)

And if that data fills the receive window so the peer can't send the control message, then the application *must* receive the data from the local stack. Peeking won't help in this case, because the control message is still stuck on the peer, waiting for the window to open. (Of course this is one reason why FTP used a separate control connection, for example - so that control messages didn't sit behind a lot of application data. That led to a number of other difficulties, so it wasn't a widely used design.)

In short:  When you get SSL_WANT_READ, you have to receive and buffer data. You can try peeking, but it's not guaranteed to be able to get far enough to find the control message, and SSL_peek is just buffering data within OpenSSL, so you're not doing any throttling that way.

This will be true of any TCP-based TLS implementation. It's not an OpenSSL implementation, and whatever else Node.js is doing, it must be buffering TLS traffic somewhere when it has to receive a control message.

Post-handshake control message flows don't happen that frequently; relatively short-lived conversations may never see one (until the final close_notify alert). So throttling may often work. But in the general case, sooner or later you'll have to buffer at the application level.

Michael Wojcik
Distinguished Engineer, Micro Focus
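The argument above (a full receive window leaves the peer's control message stuck behind unread application data, so the only cure is to read and buffer at the application level) can be watched in working code. The following is an added example, not part of the original post and not OpenSSL code: it uses Go's crypto/tls over net.Pipe, which is an unbuffered in-memory connection, so every Write blocks until the peer reads, exactly what a sender sees against a zero TCP receive window. The names (`runExchange`, `Outcome`, `selfSigned`, the "throttle-demo" certificate) are this example's own. With `drain=true` the client reads and buffers until the server's close_notify arrives; with `drain=false` the client "throttles" by not reading after the handshake, and the server's data, and therefore the close_notify queued behind it, never get through.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Outcome is what one in-memory TLS session looked like from the client side.
type Outcome struct {
	AppBytes        int   // application bytes the client read and buffered
	CloseNotifySeen bool  // the server's close_notify alert arrived (clean EOF)
	ServerWriteErr  error // the server's error while delivering data, nil on success
}

// selfSigned builds a throwaway P-256 certificate for the in-memory server
// (constructed for this example; the client trusts it as its only root).
func selfSigned(name string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// runExchange runs a TLS 1.3 session over net.Pipe. The pipe is unbuffered, so a
// Write only completes once the peer reads: this models a full TCP receive window.
// drain=true: the client reads (and buffers) until EOF. drain=false: the client
// "throttles" by never reading after the handshake.
func runExchange(drain bool, payloadLen int) (Outcome, error) {
	const name = "throttle-demo"
	cert, leaf, err := selfSigned(name)
	if err != nil {
		return Outcome{}, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)

	rawClient, rawServer := net.Pipe()
	defer rawClient.Close()
	srv := tls.Server(rawServer, &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS13,
		SessionTicketsDisabled: true, // leave close_notify as the only post-handshake message
	})
	cli := tls.Client(rawClient, &tls.Config{RootCAs: pool, ServerName: name, MinVersion: tls.VersionTLS13})

	serverDone := make(chan error, 1)
	go func() {
		defer rawServer.Close()
		if err := srv.Handshake(); err != nil {
			serverDone <- err
			return
		}
		// Bound the wait so a throttling client shows up as a timeout, not a hang.
		srv.SetWriteDeadline(time.Now().Add(time.Second))
		if _, err := srv.Write(bytes.Repeat([]byte("x"), payloadLen)); err != nil {
			serverDone <- err // data stuck behind the window; close_notify never sent
			return
		}
		// The control message, queued behind the application data.
		serverDone <- srv.CloseWrite()
	}()

	if err := cli.Handshake(); err != nil {
		return Outcome{}, err
	}
	var out Outcome
	if drain {
		buf := make([]byte, 4096)
		for {
			n, err := cli.Read(buf)
			out.AppBytes += n // a real application would append to its own buffer here
			if err == io.EOF {
				out.CloseNotifySeen = true
				break
			}
			if err != nil {
				return out, err
			}
		}
	}
	out.ServerWriteErr = <-serverDone
	return out, nil
}

// isTimeout reports whether err is the deadline error a blocked Write returns.
func isTimeout(err error) bool {
	ne, ok := err.(net.Error)
	return ok && ne.Timeout()
}

func main() {
	for _, drain := range []bool{true, false} {
		out, err := runExchange(drain, 64*1024)
		fmt.Printf("drain=%v bytes=%d close_notify=%v serverErr=%v err=%v\n",
			drain, out.AppBytes, out.CloseNotifySeen, out.ServerWriteErr, err)
	}
}
```

Note the two endings: the draining client sees all 64 KiB and then a clean EOF, because close_notify was read in order after the data; the throttling client sees nothing, and the server's Write of the data times out, so the alert behind it was never even attempted. Peeking at the client would not change the second outcome, since the bytes it would peek at are still on the server's side of the window.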



