Handling of stale handshakes #343
Comments
We have the
What did you have in mind exactly ? When/how do we know we can remove an incomplete handshake ? |
I principally understood, that using the same My concern is, that if someone attacks using a lot of incomplete handshakes, the other connections based on successful handshakes, may be "garbage collected". With a shorter threshold for connections related to "ongoing handshakes" and switching to the longer threshold when the handshake gets successful would change the order of removing them and so lower the number of removed "connections based on successful handshakes".
Define a second, shorter threshold and use that, when a new connection with an ongoing handshake was started. I would also like to introduce a "active remove of connections with stale handshakes" but this would be more related to "feedback" for a triggering request and so not part of this issue. (So i remove the "actively" from my first post :-) ) |
Only after
FMPOV, this is the most valuable part. |
|
Timeout for all handshakes implemented by PR #782 |
During the discussion of #335 I was pointed to the current handling of stale handshakes
#335 (comment)
FMPOV I agree, that there is no reason to remove a DTLS session from the LRU cache (ConnectionStore), until the storage is required for something else.
But for "incomplete handshakes" I have my doubts, if this would not introduce a vulnerability, because some could fill the ConnectionStore with entries without having credentials, and force so other "authorized" clients to handshake again. I would therefore propose to remove the incomplete handshakes actively earlier.
So any opinions on that?
The text was updated successfully, but these errors were encountered: