[openssl-users] Receive throttling on SSL sockets
Alex H
alexhultman at gmail.com
Sat May 19 19:53:13 UTC 2018
> Flow control really, really, *really* seems like an application-layer
task to me in the case of TLS. I think adding it to TLS itself would be a
mistake.
This whole thread of messages kind of already concluded that this is not
possible currently. You simply cannot implement proper flow control since
doing so would potentially throttle writes, not just reads. You need a TLS
data window to do it properly.
2018-05-19 21:42 GMT+02:00 Michael Wojcik <Michael.Wojcik at microfocus.com>:
> > From: Jordan Brown [mailto:openssl at jordan.maileater.net]
> > Sent: Saturday, May 19, 2018 14:08
> > To: openssl-users at openssl.org; Michael Wojcik; Alex H
> > Subject: Re: [openssl-users] Receive throttling on SSL sockets
>
> > TLS could (but as far as I can tell does not) have such a mechanism. It
> could have a window, like TCP, where the receiver
> > would say "you can send me 64K of data", and the sender wouldn't be
> allowed to send data (but could send control
> > messages) when that window is exhausted, until the receiver reopens the
> window. It could have control messages like
> > XON and XOFF that say "please stop sending me data (but control is OK)"
> and "resume sending data".
>
> Hey, if we're all bored with reinventing TCP on top of UDP, we can
> reinvent TCP on top of TCP!
>
> > It does seem like some sort of flow control would be desirable, so that
> the receiver doesn't have to have some way to
> > handle arbitrarily large amounts of data to keep the connection healthy.
> > Maybe in TLS 1.4.
>
> Good lord, isn't TLS complicated enough already? How many pages is the new
> edition of /Bulletproof TLS/? (I don't know because I have it in Kindle
> form. But it's long. Loooooong.)
>
> Flow control really, really, *really* seems like an application-layer task
> to me in the case of TLS. I think adding it to TLS itself would be a
> mistake.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180519/0567b9a2/attachment.html>
More information about the openssl-users
mailing list