Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
3x amplification limit for CONNECTION_CLOSE
We weren't very concrete in saying how endpoints generate packets with CONNECTION_CLOSE, particularly those that throw away keys. We have a rather vague requirement. In short, follow the same rules we established for the handshake. Wording this as an aggregate number allows for stochastic reactions and larger CONNECTION_CLOSE frames. This way, if you get a 25-byte packet and respond with a 200-byte packet, you can do that, but you have to respond to 3 in 8 or fewer in that way. Note that this limit only applies if the endpoint throws away decryption keys. Endpoints with keys aren't blind amplifiers. Closes #3845.
- Loading branch information