It looks like a remote denial-of-service (via stack overflow) on the server can be triggered by continuously sending SSLRequest, since handleSSLRequestMessage recursively calls serveConnStartup and the call from serveConnStartup to handleSSLRequestMessage isn't a tail call.
This PR introduces a startupState type for managing the lifecycle of the startup phase.
It looks like a remote denial-of-service (via stack overflow) on the server can be triggered by continuously sending
SSLRequest
, sincehandleSSLRequestMessage
recursively callsserveConnStartup
and the call fromserveConnStartup
tohandleSSLRequestMessage
isn't a tail call.This PR introduces a
startupState
type for managing the lifecycle of the startup phase.