[openssl-users] Receive throttling on SSL sockets

[Jordan Brown]

I should make it clear that I don't have a stake here.  Lack of flow
control hasn't caused me problems personally, and I'm not responsible
for implementing and maintaining a TLS infrastructure.  This is purely
an intellectual exercise for me.

There were comments suggesting that, because TLS is an
ordered-byte-stream protocol that needs control messages in both
directions at all times, TLS couldn't support flow control.  That seems
clearly wrong; it clearly could.  (As you say, we could just layer TCP
on top of it.)

Should it?  My mild feeling is "yes", since it's already got a record
and control message structure and so it wouldn't be necessary to invent
another protocol on top of it.  Yes, that makes TLS more complicated,
but would it be any more complicated than an additional
application-visible layer would be?  It seems like the answer is that
any complexity from a TLS-layer implementation would be primarily in the
TLS implementation, whereas an additional layer would necessarily impose
complexity on the application, over and above the complexity of the flow
control implementation itself.

-- 
Jordan Brown, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180519/e901d3b8/attachment-0001.html>