<div dir="ltr">I think the best solution would be to simply state in the documentation of my implementation that "throttling receives on SSL sockets will significantly reduce data receive but will not guarantee a total halt".<div><br></div><div>Agree?</div><div><br></div><div>What do you think of the way Node.js handles this? They _must_ be using some kind of internal backup queue for cases like these, right?</div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-05-19 11:02 GMT+02:00 Alex H <span dir="ltr"><<a href="mailto:alexhultman@gmail.com" target="_blank">alexhultman@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Okay that's a good theoretical answer but practically not very useful.<div dir="auto"><br></div><div dir="auto">I know for instance Node.js to implement their Streams interface with both TCP and SSL sockets. They both have pause / resume functions for receive-throttling and I've tested it with SSL and it seems to work somehow.</div><div dir="auto"><br></div><div dir="auto">One solution (I guess?) would be to stop polling for readable until SSL_write demands data then immediately stop polling for readable again once SSL_write is happy. In the case of getting unwanted data while throttling then SSL_peek can be used instead of SSL_read. That would not guarantee no buildup but would work for the most part, right?</div><div dir="auto"><br></div><div dir="auto">Do you see any flaw with this? Could it still fail due to mass buildup when throttling for long?</div></div><br><div class="gmail_quote"><div><div class="h5"><div dir="ltr">Den lör 19 maj 2018 04:57Salz, Rich via openssl-users <<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>> skrev:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="m_1961947906939467554m_642785336153135WordSection1">
<p class="MsoNormal">TLS is a bidirectional protocol. You can’t throttle only one side.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Alex H <<a href="mailto:alexhultman@gmail.com" rel="noreferrer" target="_blank">alexhultman@gmail.com</a>><br>
<b>Reply-To: </b>openssl-users <<a href="mailto:openssl-users@openssl.org" rel="noreferrer" target="_blank">openssl-users@openssl.org</a>><br>
<b>Date: </b>Friday, May 18, 2018 at 7:21 PM<br>
<b>To: </b>openssl-users <<a href="mailto:openssl-users@openssl.org" rel="noreferrer" target="_blank">openssl-users@openssl.org</a>><br>
<b>Subject: </b>[openssl-users] Receive throttling on SSL sockets<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">How do you properly implement receive throttling on SSL sockets without hindering writing?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">As opposed to raw TCP sockets, an SSL socket cannot be receive-throttled simply by stop polling for readable events on the underlying raw TCP socket. SSL_write still could require reading of data so simply stop polling for readable would
potentially hinder writing of data which is not okay.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Is there any such receive-throttling functionality in the SSL protocol itself? I don't see how SSL_peek would solve the issue since I would still be buffering (potentially uncontrolled amount of) data in a BIO.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Even if I would _only_ enable readable polling when _absolutely needed_ as per SSL_write error, I still cannot guarantee not reading a chunk of data (which I would then need to buffer up in a BIO since the application is not expecting it).<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">How are we supposed to solve this issue without potentially building up backpressure?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks<u></u><u></u></p>
</div>
</div>
</div>
</div></div></div><span class="HOEnZb"><font color="#888888">
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div></blockquote></div><br></div>