[openssl-users] Receive throttling on SSL sockets

[Michael Wojcik]

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Alex H
> Sent: Saturday, May 19, 2018 15:53
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Receive throttling on SSL sockets

> >  Flow control really, really, *really* seems like an application-layer task to me in the case of TLS. I think adding it to TLS
> > itself would be a mistake.

> This whole thread of messages kind of already concluded that this is not possible currently.

I don't believe it did. It concluded that the server can't impose flow control by itself.

> You simply cannot implement proper flow control since doing so would potentially throttle writes, not just reads. You
> need a TLS data window to do it properly.

If the client and server both participate in flow control - that is, if they implement the window announcements and output throttling at the application level - then there's no need to do it in TLS.

A cooperating client and server can implement any sort of traffic shaping they want.

What's not possible in TLS is throttling implemented solely by one side, without cooperation from the peer application.


In any case, this has drifted far afield from the purpose of openssl-users. I pesonally don't think flow control should be part of TLS, but I don't care strongly enough to, for example, argue against it on the IETF TLS mailing list.

Michael Wojcik
Distinguished Engineer, Micro Focus