Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
fix-tls-listener-dos.patch | fix DoS vulnerability in the SSL listener SSL_accept() would hang indefinitely with clients that say nothing during TLS handshake as described in <https://github.com/pistacheio/pistache/issues/1104>. . This patch sets a fixed handshake timeout to 10 seconds in order to avoid changing public interfaces. . It also cherry-picks upstream commit ef30dcc75881544f37d7c3dcb2e3f6d897721d53 which tests if the behaviour of the TLS listener is actually fixed. |
Andrea Pappacoda <andrea@pappacoda.it> | yes | upstream | backport, commit:101ee7cc96c7b10b12156388c41fe3bed6f878fa | 2023-03-08 |