#include <SSLIOP_Accept_Strategy.h>
Public Methods

TAO_SSLIOP_Accept_Strategy (TAO_ORB_Core *orb_core, const ACE_Time_Value &timeout)
    Constructor.
virtual int accept_svc_handler (handler_type *svc_handler)

Private Attributes

const ACE_Time_Value timeout_
    The accept() timeout.
This accept strategy builds on the TAO_Accept_Strategy implementation. It sub-classes that class, and overrides the accept_svc_handler() method so that a timeout value may be passed to the underlying peer acceptor. This is necessary to defend against a simple Denial-of-Service attack.
Since SSL requires two handshakes, one TCP and one SSL, it is possible for a malicious client to establish a TCP connection to the SSL port, and never complete the SSL handshake. The underlying SSL passive connection code would block/hang waiting for the SSL handshake to complete. Given enough incomplete connections where only the TCP handshake is completed, a server process could potentially run out of available file descriptors, thus preventing legitimate client connections from being established.
Constructor.

Overridden method that forces a passive connection timeout value to be passed to the underlying acceptor.

The accept() timeout. This timeout covers the overall time to complete the SSL handshake, which includes both the TCP handshake and the SSL handshake.
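The effect of an overall accept deadline, as an added example that is not TAO's code: it uses plain POSIX calls, with socketpair() standing in for a completed TCP connection and a 5-byte constructed hello standing in for the SSL handshake. The names accept_with_deadline and simulate are hypothetical.

```cpp
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <chrono>
#include <cstddef>

// Hypothetical helper (not TAO code): wait for `need` handshake bytes on an
// already connected socket under ONE overall deadline, not a per-read timeout.
// Returns true if they arrived; otherwise closes fd and returns false.
bool accept_with_deadline(int fd, std::size_t need, int timeout_ms) {
  using clock = std::chrono::steady_clock;
  const auto deadline = clock::now() + std::chrono::milliseconds(timeout_ms);
  char buf[64];
  std::size_t got = 0;
  while (got < need) {
    const auto left = std::chrono::duration_cast<std::chrono::milliseconds>(
                          deadline - clock::now()).count();
    if (left <= 0) break;                          // overall budget spent
    pollfd p{fd, POLLIN, 0};
    if (poll(&p, 1, static_cast<int>(left)) <= 0) break;  // timeout or error
    const ssize_t n = read(fd, buf, sizeof buf);
    if (n <= 0) break;                             // peer closed or error
    got += static_cast<std::size_t>(n);
  }
  if (got >= need) return true;
  close(fd);  // release the descriptor so stalled peers cannot exhaust them
  return false;
}

// Constructed scenario: socketpair() stands in for a completed TCP handshake;
// the client sends `client_bytes` (<= 5) of a constructed hello, then stalls.
bool simulate(std::size_t client_bytes, int timeout_ms) {
  int sv[2];
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return false;
  const char hello[] = "\x16\x03\x01\x00\x05";  // constructed sample bytes
  const ssize_t sent = client_bytes ? write(sv[1], hello, client_bytes) : 0;
  const bool done = accept_with_deadline(sv[0], 5, timeout_ms);
  if (done) close(sv[0]);  // a real server would hand the socket to a handler
  close(sv[1]);
  return done && sent >= 0;
}

int main() {
  const bool stalled = simulate(0, 200);  // connects, never handshakes
  const bool partial = simulate(2, 200);  // sends part of the hello, stalls
  const bool honest = simulate(5, 200);   // completes within the deadline
  return (!stalled && !partial && honest) ? 0 : 1;
}
```

Because the remaining budget is recomputed before every poll(), a peer that trickles bytes cannot extend its stay past the deadline.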