On Tue, Dec 05, 2000 at 11:33:14AM -0500, Sudeep Sudhakaran wrote:
>
> This is one solution which I have thought of .
> But what is bothering me is, why doesnt open SSL library return an error if
> the client doesnt initiate a handshake. There can be lot of scenarios in
> which this happens. What if somebody who just know the servers ip address
> and port number, tries to connect to the server.
> I am not talking about an external person but an Internal person.
>
> In this scenario, Server hangs...
Yes, the server hangs. It cannot be avoided. The SSL library has no idea
on whether the client will send a data packet or not. Maybe the client is
waiting for some user interaction.
The only way to overcome this problem is by introducing a timeout to the
_application_. If the server waited too long without something happening,
the connection is shut down. This is however the responsibility of the
application. How should the OpenSSL library decide, which timeout would
reasonable? Only the application knows the facts!!
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
