[PYTHON-CRYPTO] Some issues with M2Crypto 0.18 and timeouts
Jesus Cea
jcea at ARGO.ES
Wed Oct 3 18:04:34 CEST 2007
Heikki Toivonen wrote:
> You are the second or third person to ask about it in M2Crypto in the
> past 4 years, so it is not *that* frequent a request. I suspect most
> people use something more robust than plain M2Crypto for a server
> application (like Apache or Twisted). Client side is a different thing,
> of course.
Definitely, M2Crypto, as is, is not suitable for server SSL, since DoS
(Denial of Service) is trivial :-(, unless the programmer fights the BIO
layer, hard.
> If you really want this simple solution, I'd advise first
> trying the patch in the bug I pointed out, and seeing how it works. If
> it does everything you need, reliably, I could consider applying the patch.
The patch proposed is a good idea, but it has two problems:
1. SO_RCVTIMEO/SO_SNDTIMEO are *very* non-portable, not universally
supported and, worse, plagued with bugs and inconsistencies between OSes
and releases.
2. The patch only considers timeouts in the SSL handshake, not in the
send/receive code, renegotiation, shutdown, etc.
> TLS Lite is pure Python, but can use various other native modules (if
> available) to speed up SSL: http://trevp.net/tlslite/
TLS Lite seems to support asynchronous (timeout) operations, but the current
release is a bit dated (2005). Performance is an unknown.
--
Jesus Cea Avion
jcea at argo.es http://www.argo.es/~jcea/
jabber / xmpp:jcea at jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz
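The two objections in the message above (socket-option timeouts are non-portable, and a handshake-only timeout leaves send/receive and shutdown unbounded) can both be addressed with one deadline enforced through `select()` on a non-blocking socket. This is an added example, not part of the original thread and not M2Crypto code: it uses Python's standard-library `ssl` module instead, and `run_with_deadline`, `serve_one`, `DeadlineExceeded` and the 10-second budget are hypothetical names and values.

```python
import select
import ssl
import time


class DeadlineExceeded(Exception):
    """The peer did not let the TLS operation finish within the budget."""


def run_with_deadline(sock, op, deadline):
    """Retry non-blocking TLS call `op` until it completes or `deadline`
    (a time.monotonic() value) passes."""
    while True:
        try:
            return op()
        except ssl.SSLWantReadError:
            readers, writers = [sock], []
        except ssl.SSLWantWriteError:
            readers, writers = [], [sock]
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise DeadlineExceeded("TLS peer stalled")
        # The wait is done with select(), not SO_RCVTIMEO/SO_SNDTIMEO.
        ready_r, ready_w, _ = select.select(readers, writers, [], remaining)
        if not (ready_r or ready_w):
            raise DeadlineExceeded("TLS peer stalled")


def serve_one(ctx, raw_sock, budget=10.0):
    """Echo one read back to the client; `budget` seconds (assumed value)
    cover the whole connection, not just the handshake."""
    raw_sock.setblocking(False)
    deadline = time.monotonic() + budget
    tls = ctx.wrap_socket(raw_sock, server_side=True,
                          do_handshake_on_connect=False)
    try:
        run_with_deadline(tls, tls.do_handshake, deadline)      # handshake
        data = run_with_deadline(tls, lambda: tls.recv(4096), deadline)
        view = memoryview(data)
        while view:                                             # partial sends
            sent = run_with_deadline(tls, lambda: tls.send(view), deadline)
            view = view[sent:]
        run_with_deadline(tls, tls.unwrap, deadline)            # shutdown
    finally:
        tls.close()
```

Because every TLS call goes through the same wrapper, a client that connects and then goes silent at any stage is dropped when the budget runs out instead of holding the worker indefinitely.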