eclipse-zenoh / zenoh

zenoh unifies data in motion, data in-use, data at rest and computations. It carefully blends traditional pub/sub with geo-distributed storages, queries and computations, while retaining a level of time and space efficiency that is well beyond any of the mainstream stacks.
https://zenoh.io

Make TLS link listener accept connections concurrently #1570

Closed fuzzypixelz closed 3 weeks ago

fuzzypixelz commented 4 weeks ago

The existing TLS link listener implementation is vulnerable to DoS attacks between accepting a TCP connection and completing the TLS handshake. In #1514 a timeout was added but this proved ineffective when the attacker re-establishes TCP connections at a high rate.
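
The accept-then-handshake race described in this comment, as an added simulation that is not zenoh's or tls-listener's code: a listener that awaits each TLS handshake before accepting the next connection lets a handful of peers that never send a ClientHello stall every honest client, even with a per-handshake timeout, because each stalled handshake burns the full timeout window in turn. A listener that spawns the handshake per accepted connection keeps the accept loop free. The handshake, timeout, budget and connection names are constructed stand-ins, not real TLS.

```python
import asyncio
from dataclasses import dataclass

# Constructed simulation parameters; not zenoh's actual settings.
HANDSHAKE_TIMEOUT = 0.1   # bound on a single handshake (the #1514-style timeout)
HONEST_HANDSHAKE = 0.01   # how long a well-behaved client's handshake takes
ACCEPT_BUDGET = 0.3       # how long the demo lets each listener run


@dataclass
class Conn:
    """An accepted TCP connection whose TLS handshake has not started yet."""
    name: str
    stalls: bool  # True: peer never completes the handshake


async def tls_handshake(conn):
    """Stand-in for the TLS handshake: a stalling peer never finishes it."""
    if conn.stalls:
        await asyncio.Event().wait()  # waits forever until cancelled
    else:
        await asyncio.sleep(HONEST_HANDSHAKE)


async def handshake_with_timeout(conn, completed):
    """Bound one handshake; drop the connection if it does not finish in time."""
    try:
        await asyncio.wait_for(tls_handshake(conn), HANDSHAKE_TIMEOUT)
        completed.append(conn.name)
    except asyncio.TimeoutError:
        pass  # stalled peer: connection closed, listener moves on


async def sequential_listener(incoming, completed):
    """Vulnerable shape: the accept loop awaits each handshake in turn."""
    for conn in incoming:
        await handshake_with_timeout(conn, completed)


async def concurrent_listener(incoming, completed):
    """Fixed shape: each handshake runs in its own task; accepting never blocks."""
    tasks = [asyncio.create_task(handshake_with_timeout(c, completed)) for c in incoming]
    await asyncio.gather(*tasks)


async def run_under_budget(listener, incoming):
    """Run a listener for ACCEPT_BUDGET seconds and report completed handshakes."""
    completed = []
    try:
        await asyncio.wait_for(listener(incoming, completed), ACCEPT_BUDGET)
    except asyncio.TimeoutError:
        pass  # listener still busy when the budget expired
    return completed


def honest_handshakes_completed(listener_name):
    """Accept backlog (constructed): five stalling peers queued ahead of two honest clients."""
    incoming = [Conn("stalled-%d" % i, True) for i in range(5)]
    incoming += [Conn("honest-A", False), Conn("honest-B", False)]
    listener = {"sequential": sequential_listener,
                "concurrent": concurrent_listener}[listener_name]
    return asyncio.run(run_under_budget(listener, incoming))


if __name__ == "__main__":
    for name in ("sequential", "concurrent"):
        print(name, "->", honest_handshakes_completed(name))
```

With the sequential loop, the five stalled handshakes alone consume 0.5 s of timeout before either honest client is reached, so nothing completes inside the 0.3 s budget; the concurrent loop finishes both honest handshakes in about 10 ms while the stalled ones time out in the background. Re-establishing stalled connections at a high rate, as the comment notes, refills the backlog faster than the sequential loop can drain it.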

fuzzypixelz commented 3 weeks ago

aws-lc-rs is known to cause issues when cross compiling Zenoh, so I'll mark this as draft until the changes in https://github.com/tmccombs/tls-listener/pull/46 are released in the next version of tls-listener.

fuzzypixelz commented 3 weeks ago

All good now.