Re: [Erlyaws-list] [PATCH] make ssl acceptor not exit frequently for timeout

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Claes Wikstrom wrote:
> Liu Yubao wrote:
>> Hi,
>>
>> I guess the timeout argument is given to ssl:transport_accept by mistake,
>> so I make a patch to prevent ssl acceptor exiting frequently for timeout.
>>
>> This patch is made against yaws-1.77 but also can be applied to yaws-1.79
>> successfully.
>>
> 
> Looking at the code, I agree it doesn't look good. But I honestly don't
> think it's a mistake. There are quite a few high profile sites that run
> an awful lot of ssl traffic.
I think it's at least a security vulnerability, compared to the first
yaws_server:do_accept/1, it's reasonable to hang forever to wait a new
tcp connection but not reasonable to hang forever to finish a ssl handshake.

On the other side, I'm afraid the current style will harm the performance
to accept new ssl connection.

> 
> However, I cannot remember why that timeout clause is there.
> Anyone ?? Tobbe, Magnus ??
> 
> /klacke
> 