
TAO_SSLIOP_Accept_Strategy Class Reference

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation.

#include <SSLIOP_Accept_Strategy.h>


Public Methods

 TAO_SSLIOP_Accept_Strategy (TAO_ORB_Core *orb_core, const ACE_Time_Value &timeout)

virtual int accept_svc_handler (handler_type *svc_handler)

Private Attributes

const ACE_Time_Value timeout_
 The accept() timeout.

Detailed Description

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation.

This accept strategy builds on the TAO_Accept_Strategy implementation. It subclasses that class and overrides the accept_svc_handler() method so that a timeout value may be passed to the underlying peer acceptor. This is necessary to defend against a simple Denial-of-Service attack.

Since SSL requires two handshakes, one TCP and one SSL, it is possible for a malicious client to establish a TCP connection to the SSL port, and never complete the SSL handshake. The underlying SSL passive connection code would block/hang waiting for the SSL handshake to complete. Given enough incomplete connections where only the TCP handshake is completed, a server process could potentially run out of available file descriptors, thus preventing legitimate client connections from being established.

The timeout defense alluded to above bounds the time this sort of DoS attack lasts.
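The following sketch is an added example, not code from TAO or ACE: it shows the same defense with plain POSIX sockets, applying one overall deadline to the wait that follows the TCP handshake and releasing the descriptor when the deadline passes. The names read_handshake_with_deadline and run_case, the 5-byte stand-in for a completed SSL handshake, and the 200 ms budget are assumptions made for illustration.

```cpp
#include <cerrno>
#include <chrono>
#include <cstddef>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

// Hypothetical helper, not an ACE/TAO API: read `need` handshake bytes from
// an accepted socket under ONE overall deadline, so a peer that stalls or
// drips bytes cannot hold the descriptor past `budget`. On failure the
// descriptor is closed and false is returned.
bool read_handshake_with_deadline(int fd, char *buf, std::size_t need,
                                  std::chrono::milliseconds budget) {
  using clk = std::chrono::steady_clock;
  const auto deadline = clk::now() + budget;
  std::size_t got = 0;
  while (got < need) {
    const auto left = std::chrono::duration_cast<std::chrono::milliseconds>(
        deadline - clk::now());
    if (left.count() <= 0) break;              // budget exhausted
    pollfd p{fd, POLLIN, 0};
    const int r = poll(&p, 1, static_cast<int>(left.count()));
    if (r < 0 && errno == EINTR) continue;     // retry with the time left
    if (r <= 0) break;                         // timed out or poll error
    const ssize_t n = recv(fd, buf + got, need - got, 0);
    if (n <= 0) break;                         // peer closed or recv error
    got += static_cast<std::size_t>(n);
  }
  if (got == need) return true;
  close(fd);                                   // give the descriptor back
  return false;
}

// Constructed scenario: a socketpair stands in for an accepted TCP
// connection, and 5 bytes stand in for a completed SSL handshake. The peer
// sends `len` bytes, then goes silent. Returns 1 if accepted, 0 if rejected
// and the descriptor was released, -1 if it was left open (-2: setup error).
int run_case(const char *sent, std::size_t len) {
  int sv[2];
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
  if (len > 0 && send(sv[1], sent, len, 0) < 0) return -2;
  char hello[5];
  const bool ok = read_handshake_with_deadline(
      sv[0], hello, sizeof hello, std::chrono::milliseconds(200));
  const int result = ok ? 1 : (fcntl(sv[0], F_GETFD) == -1 ? 0 : -1);
  if (ok) close(sv[0]);
  close(sv[1]);
  return result;
}
```

Because the deadline is computed once and the remaining time is recomputed before every poll(), a peer that sends part of the handshake and then stalls is cut off at the same point as one that sends nothing.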

Constructor & Destructor Documentation

TAO_SSLIOP_Accept_Strategy::TAO_SSLIOP_Accept_Strategy (TAO_ORB_Core *orb_core, const ACE_Time_Value &timeout)


Member Function Documentation

int TAO_SSLIOP_Accept_Strategy::accept_svc_handler (handler_type *svc_handler) [virtual]

Overridden method that forces a passive connection timeout value to be passed to the underlying acceptor.

Member Data Documentation

const ACE_Time_Value TAO_SSLIOP_Accept_Strategy::timeout_ [private]

The accept() timeout.

This timeout includes the overall time to complete the SSL handshake. This includes both the TCP handshake and the SSL handshake.

The documentation for this class was generated from the following files:
Generated on Fri Apr 2 19:12:56 2004 for TAO_SSLIOP by doxygen 1.2.18