tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: svn commit: r1074675 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/
Date Tue, 01 Mar 2011 00:16:34 GMT
On 2/28/2011 4:49 PM, Mark Thomas wrote:
> It isn't clear to me if you are voting -1
on the above commit, and the following commits. r1074675

If you wish to do this, it should at least include:
1. input filters need to check if they retrieved the entire body
if only partial, why even attempt a reneg and make your thread hang for soTimeout while it
fails. this is another DoS scenario. the system 
knows if it read the entire body or not. it's part of the protocol itself, no need to rely
on timeouts for a reneg to fail.

2. don't change the names of all the flags, since it makes the diffs so much harder to review.
just change the lines pertinent to the change.

3. implement rehandshake as simple as possible, by using the handshake(...) and using its
return code

4. SSLAuthenticator should have a flag to fail directly without trying to reneg if the connector
is misconfigured to avoid reneg for clients 
vulnerable to the man in the middle reneg attack

5. SSLAuthenticator should be able to find out if the cert truly was client-auth or if it
came from another source. otherwise, putting 
httpd/mod_jk in front of it, and I can bypass client-auth as the document states is required

6. And if you want the most performant solution, instead of opening a selector on the same
thread, just call sslEngine.beginHandshake, add 
the connection to the poller, and return from the call all together. this way, the worker
thread is not in use during a handshake, and it's 
done in the poller just like the initial hand shake. this protects you from slow clients using
up threads. this is of course more 
complicated, so I would not expect it in the first iteration.

I would say the other connectors would benefit from improvements in 1,4,5 as well.

Filip



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message