From: Liu Y. <yub...@gm...> - 2009-02-04 10:35:14
|
Claes Wikstrom wrote: > Liu Yubao wrote: >> Hi, >> >> I guess the timeout argument is given to ssl:transport_accept by mistake, >> so I make a patch to prevent ssl acceptor exiting frequently for timeout. >> >> This patch is made against yaws-1.77 but also can be applied to yaws-1.79 >> successfully. >> > > Looking at the code, I agree it doesn't look good. But I honestly don't > think it's a mistake. There are quite a few high profile sites that run > an awful lot of ssl traffic. I think it's at least a security vulnerability, compared to the first yaws_server:do_accept/1, it's reasonable to hang forever to wait a new tcp connection but not reasonable to hang forever to finish a ssl handshake. On the other side, I'm afraid the current style will harm the performance to accept new ssl connection. > > However, I cannot remember why that timeout clause is there. > Anyone ?? Tobbe, Magnus ?? > > /klacke > |