Problem:
Currently consumers of s2n-tls are responsible for implementing reasonable timeouts to deal with malicious behavior.
Solution:
s2n-tls could implement a reasonable timeout (e.g. 10 seconds) to make default usage of s2n-tls more resilient and efficient. s2n-quic has similar protections in place.
Requirements / Acceptance Criteria:
Customers that write naive event loops without timeouts should have some basic level of protection against simple slow-loris style attacks.
Out of scope:
Even if this is infeasible for the C library due to backwards compatibility concerns, we might consider doing it for a smaller subset of customers. Perhaps just the Rust bindings.
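An added example (not code from this issue or from s2n-tls) of the protection requested above: one absolute deadline for the whole handshake, so a peer that trickles bytes cannot keep the connection open by resetting a per-read timer. `fake_hs`, `hs_step` and `handshake_with_deadline` are hypothetical names; `hs_step` stands in for a non-blocking handshake call, and the 200 ms budget in `main` is a constructed value.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <sys/socket.h>
#include <time.h>
enum { HS_DONE = 0, HS_TIMEOUT = -1, HS_ERROR = -2 };

static int64_t now_ms(void) {  /* monotonic: wall-clock changes cannot stretch the budget */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (int64_t)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Hypothetical stand-in for a non-blocking handshake call: "done" once `need` bytes
 * have arrived. Returns 1 = complete, 0 = blocked on read, -1 = peer closed or error. */
struct fake_hs { size_t got, need; };
static int hs_step(int fd, struct fake_hs *hs) {
    char buf[64];
    while (hs->got < hs->need) {
        size_t want = hs->need - hs->got;
        ssize_t n = recv(fd, buf, want < sizeof buf ? want : sizeof buf, MSG_DONTWAIT);
        if (n > 0) { hs->got += (size_t)n; continue; }
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return 0;
        return -1;
    }
    return 1;
}

/* One absolute deadline covers the whole handshake. Each poll() waits only for the
 * time that is left, so progress made by the peer never extends the budget. */
int handshake_with_deadline(int fd, struct fake_hs *hs, int budget_ms) {
    int64_t deadline = now_ms() + budget_ms;
    for (;;) {
        int r = hs_step(fd, hs);
        if (r != 0) return r == 1 ? HS_DONE : HS_ERROR;
        int64_t left = deadline - now_ms();
        if (left <= 0) return HS_TIMEOUT;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, (int)left) < 0 && errno != EINTR) return HS_ERROR;
    }
}

int main(void) {  /* constructed peer: sends 3 of 16 bytes, then stalls */
    int sv[2];
    struct fake_hs hs = { 0, 16 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || send(sv[1], "abc", 3, 0) != 3) return 1;
    return handshake_with_deadline(sv[0], &hs, 200) == HS_TIMEOUT ? 0 : 1;
}
```

A loop that instead passes a fixed timeout to every `poll()` call gives the peer a fresh allowance after each byte, which is the gap a slow-loris style client relies on.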