
Lack of timeout for SSL handshake leads to connection leak #392

Closed
finnbear opened this issue Oct 14, 2021 · 5 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@finnbear

finnbear commented Oct 14, 2021

The following procedure, for which I have made a reproducible example, will cause actix-web to leak a TCP connection in the ESTABLISHED state:

  1. Create an HttpServer and call bind_rustls
  2. Establish a TcpStream to the address of the binding
  3. Don't do an SSL handshake
  4. Disable TCP keepalive on the stream's file descriptor for good measure
  5. mem::forget the stream to avoid closing it normally

To avoid this leak, I suggest you add a configurable SSL handshake timeout.

Note: My example was originally intended to reproduce #351, but I was unable to do so with synthetic load (I didn't attempt a connection flood).
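The following is an added, std-only illustration of the failure mode above and of the kind of bound the issue asks for; it is not finnbear's reproduction and not actix-tls or actix-web code (the real fix wraps the rustls accept in an async timeout). It assumes a server that reads the first byte of the expected TLS handshake record (content type 0x16) under a read deadline: with no deadline a client that connects and never writes holds the server-side socket open in ESTABLISHED indefinitely; with a deadline the server drops it. The names `accept_tls_prefix`, `serve_one`, `silent_client_verdict` and `handshaking_client_verdict` are mine.

```rust
// Added example, not actix code: bound the time between TCP accept and the first
// TLS handshake bytes so a silent peer cannot park a connection on the server.
use std::io::{self, Read, Write};
use std::net::{SocketAddr, TcpListener, TcpStream};
use std::sync::mpsc::{channel, Receiver};
use std::thread;
use std::time::Duration;

/// TLS record content type for handshake records (ClientHello starts with it).
const TLS_HANDSHAKE_RECORD: u8 = 0x16;

/// Outcome of the bounded pre-handshake phase for one accepted connection.
#[derive(Debug, PartialEq)]
pub enum Accept {
    /// First byte looked like a TLS handshake record; hand off to the TLS stack.
    Handshake,
    /// Peer sent nothing before the deadline; the socket is dropped (closed).
    TimedOut,
    /// Peer closed, or sent something that is not a TLS handshake record.
    Rejected,
}

/// Wait at most `deadline` for the first handshake byte on `stream`.
/// `deadline == None` reproduces the bug in the issue: a silent peer keeps the
/// connection ESTABLISHED forever because nothing ever wakes this read.
pub fn accept_tls_prefix(mut stream: TcpStream, deadline: Option<Duration>) -> io::Result<Accept> {
    stream.set_read_timeout(deadline)?;
    let mut first = [0u8; 1];
    match stream.read(&mut first) {
        Ok(0) => Ok(Accept::Rejected),
        Ok(_) if first[0] == TLS_HANDSHAKE_RECORD => {
            // Handshake bytes arrived in time: lift the deadline for the rest of
            // the connection's life (a real server would hand the socket to rustls).
            stream.set_read_timeout(None)?;
            Ok(Accept::Handshake)
        }
        Ok(_) => Ok(Accept::Rejected),
        // Unix reports a read timeout as WouldBlock, Windows as TimedOut.
        Err(e) if matches!(e.kind(), io::ErrorKind::WouldBlock | io::ErrorKind::TimedOut) => {
            Ok(Accept::TimedOut) // `stream` is dropped on return, which closes the socket
        }
        Err(e) => Err(e),
    }
}

/// Listen on an ephemeral loopback port, apply `deadline` to exactly one
/// connection on a background thread, and report the verdict over a channel.
pub fn serve_one(deadline: Option<Duration>) -> (SocketAddr, Receiver<io::Result<Accept>>) {
    let listener = TcpListener::bind("127.0.0.1:0").expect("bind loopback");
    let addr = listener.local_addr().expect("local addr");
    let (tx, rx) = channel();
    thread::spawn(move || {
        let (stream, _) = listener.accept().expect("accept");
        let _ = tx.send(accept_tls_prefix(stream, deadline));
    });
    (addr, rx)
}

/// The client from the issue: connect, never handshake, keep the socket open.
/// std's TcpStream does not enable SO_KEEPALIVE, so nothing else will tear the
/// idle connection down; only the server-side deadline can.
pub fn silent_client_verdict(deadline: Duration) -> Accept {
    let (addr, rx) = serve_one(Some(deadline));
    let client = TcpStream::connect(addr).expect("connect");
    let verdict = rx.recv().expect("server result").expect("io");
    drop(client); // the issue uses mem::forget here; we close it once the server has decided
    verdict
}

/// A well-behaved client that sends the first byte of a TLS record promptly.
pub fn handshaking_client_verdict(deadline: Duration) -> Accept {
    let (addr, rx) = serve_one(Some(deadline));
    let mut client = TcpStream::connect(addr).expect("connect");
    client.write_all(&[TLS_HANDSHAKE_RECORD]).expect("write");
    rx.recv().expect("server result").expect("io")
}

fn main() {
    let deadline = Duration::from_millis(200);
    println!("silent client    -> {:?}", silent_client_verdict(deadline));
    println!("handshaking peer -> {:?}", handshaking_client_verdict(deadline));
}
```

The deadline covers only the time until the first handshake byte; a peer that sends one byte and then stalls mid-handshake still needs the TLS accept itself to run under a timer, which is what the later comments in this thread are about.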

@fakeshadow
Contributor

A temporary fix for this (only for the rustls module): #393

@fakeshadow
Contributor

fakeshadow commented Oct 14, 2021

This is a potential security issue for users who expose TLS directly from an actix-net based app.

Ideally there should be a timeout for the TLS accept (server-side handshake) and for the h2/h3 handshake. My long-term suggestion is that actix-tls should be inlined into actix-http (at least the accept/server part). This would enable managing the timeout in one place (one function) with a single timer. It would be clearer with respect to the security goal and more performant.

@finnbear
Author

A temporary fix for this.

Can confirm that this solves the problem shown by my example 🎉

@finnbear
Author

#393 was merged (yay!), so this issue can be closed AFAIK. I'll keep it open in case it is being used as a reminder to update a changelog.

@robjtede
Member

robjtede commented Nov 23, 2021

Leaving open until it's configurable from the -web crates.

Created an easier-to-track issue in -web.
