[openssl-users] Receive throttling on SSL sockets

Michael Wojcik Michael.Wojcik at microfocus.com
Sat May 19 19:42:20 UTC 2018


> From: Jordan Brown [mailto:openssl at jordan.maileater.net]
> Sent: Saturday, May 19, 2018 14:08
> To: openssl-users at openssl.org; Michael Wojcik; Alex H
> Subject: Re: [openssl-users] Receive throttling on SSL sockets

> TLS could (but as far as I can tell does not) have such a mechanism.  It could have a window, like TCP, where the receiver
> would say "you can send me 64K of data", and the sender wouldn't be allowed to send data (but could send control
> messages) when that window is exhausted, until the receiver reopens the window.  It could have control messages like
> XON and XOFF that say "please stop sending me data (but control is OK)" and "resume sending data".

Hey, if we're all bored with reinventing TCP on top of UDP, we can reinvent TCP on top of TCP!

> It does seem like some sort of flow control would be desirable, so that the receiver doesn't have to have some way to
> handle arbitrarily large amounts of data to keep the connection healthy.
> Maybe in TLS 1.4.

Good lord, isn't TLS complicated enough already? How many pages is the new edition of /Bulletproof TLS/? (I don't know because I have it in Kindle form. But it's long. Loooooong.)

Flow control really, really, *really* seems like an application-layer task to me in the case of TLS. I think adding it to TLS itself would be a mistake.

Michael Wojcik
Distinguished Engineer, Micro Focus
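
The windowing idea from the quoted text, done at the application layer as this reply suggests. This is an added example, not part of the original message or of OpenSSL. The frame layout, the names, and the in-memory "connection" are assumptions; over a real connection these frames would be the application data carried inside TLS.

```python
import struct
from collections import deque

DATA, WINDOW = 0, 1         # frame types, constructed for this example
HDR = struct.Struct("!BI")  # type, then payload length (DATA) or credit in bytes (WINDOW)

class Sender:
    def __init__(self, payload, chunk=16 * 1024):
        self.pending, self.chunk, self.credit = payload, chunk, 0
    def on_frame(self, frame):
        kind, n = HDR.unpack(frame[:HDR.size])
        if kind == WINDOW:          # control frames are always accepted
            self.credit += n
    def next_frame(self):
        n = min(self.chunk, self.credit, len(self.pending))
        if n == 0:
            return None             # window exhausted (or nothing left): stall
        body, self.pending = self.pending[:n], self.pending[n:]
        self.credit -= n
        return HDR.pack(DATA, n) + body

class Receiver:
    def __init__(self, window):
        self.window, self.buffered, self.in_buffer, self.peak = window, deque(), 0, 0

    def on_frame(self, frame):
        kind, n = HDR.unpack(frame[:HDR.size])
        body = frame[HDR.size:]
        # Enforce the window: never buffer more than was advertised.
        if kind != DATA or len(body) != n or self.in_buffer + n > self.window:
            raise ValueError("peer violated the advertised window")
        self.buffered.append(body)
        self.in_buffer += n
        self.peak = max(self.peak, self.in_buffer)

    def consume(self):
        # The application drains one chunk and returns that much credit.
        body = self.buffered.popleft()
        self.in_buffer -= len(body)
        return body, HDR.pack(WINDOW, len(body))

def transfer(payload, window=64 * 1024):
    tx, rx, out = Sender(payload), Receiver(window), bytearray()
    tx.on_frame(HDR.pack(WINDOW, window))      # receiver opens the window
    while tx.pending or rx.buffered:
        while (frame := tx.next_frame()) is not None:
            rx.on_frame(frame)                 # sender runs until it stalls
        body, grant = rx.consume()             # slow reader: one chunk per turn
        out += body
        tx.on_frame(grant)
    return bytes(out), rx.peak
```

`transfer` returns the reassembled payload and the receiver's peak buffered byte count, which stays at or below the advertised window however large the payload is.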




