TAO::SSLIOP::Accept_Strategy Class Reference

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation. More...

#include <SSLIOP_Accept_Strategy.h>

Inheritance diagram for TAO::SSLIOP::Accept_Strategy:

[legend]Collaboration diagram for TAO::SSLIOP::Accept_Strategy:

[legend]List of all members.

Public Member Functions
	Accept_Strategy (TAO_ORB_Core *orb_core, const ACE_Time_Value &timeout)
	Constructor.
virtual int	accept_svc_handler (handler_type *svc_handler)
Private Attributes
const ACE_Time_Value	timeout_
	The accept() timeout.

---

Detailed Description

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation.

This accept strategy builds on on the TAO_Accept_Strategy implementation. It sub-classes that class, and overrides the accept_svc_handler() method so that a timeout value may be passed to the underlying peer acceptor. This is necessary to defend against a simple Denial-of-Service attack.

Since SSL requires two handshakes, one TCP and one SSL, it is possible for a malicious client to establish a TCP connection to the SSL port, and never complete the SSL handshake. The underlying SSL passive connection code would block/hang waiting for the SSL handshake to complete. Given enough incomplete connections where only the TCP handshake is completed, a server process could potentially run out of available file descriptors, thus preventing legitimate client connections from being established.

.

The timeout defense alluded to above bounds the time this sort of DoS attack lasts.

Definition at line 65 of file SSLIOP_Accept_Strategy.h.

---

Constructor & Destructor Documentation

TAO::SSLIOP::Accept_Strategy::Accept_Strategy (  TAO_ORB_Core *  orb_core, const ACE_Time_Value &  timeout )

Constructor.

---

Member Function Documentation

int TAO::SSLIOP::Accept_Strategy::accept_svc_handler (  handler_type *  svc_handler  )  [virtual]

Overridden method that forces a passive connection timeout value to be passed to the underlying acceptor. Definition at line 20 of file SSLIOP_Accept_Strategy.cpp. References ACE_TRACE, and ACE_Reactor::uses_event_associations(). { ACE_TRACE ("TAO::SSLIOP::Accept_Strategy::accept_svc_handler"); // The following code is basically the same code found in // ACE_Accept_Strategy::accept_svc_handler(). The only difference // is that a timeout value is passed to the peer acceptor's accept() // method. A timeout is necessary to prevent malicious or // misbehaved clients from only completing the TCP handshake and not // the SSL handshake. Without the timeout, a denial-of-service // vulnerability would exist where multiple incomplete SSL passive // connections (i.e. where only the TCP handshake is completed) // could result in the server process running out of file // descriptors. That would be due to the SSL handshaking process // blocking/waiting for the handshake to complete. // The timeout value will be modified. Make a copy. ACE_Time_Value timeout (this->timeout_); // Try to find out if the implementation of the reactor that we are // using requires us to reset the event association for the newly // created handle. This is because the newly created handle will // inherit the properties of the listen handle, including its event // associations. const int reset_new_handle = this->reactor_->uses_event_associations (); if (this->peer_acceptor_.accept (svc_handler->peer (), // stream 0, // remote address &timeout, // timeout 1, // restart reset_new_handle // reset new handler ) == -1) { // Close down handler to avoid memory leaks. svc_handler->close (0); return -1; } else return 0; }

---

Member Data Documentation

const ACE_Time_Value TAO::SSLIOP::Accept_Strategy::timeout_ [private]

The accept() timeout. This timeout includes the overall time to complete the SSL handshake. This includes both the TCP handshake and the SSL handshake. Definition at line 87 of file SSLIOP_Accept_Strategy.h.

---

The documentation for this class was generated from the following files:

• SSLIOP_Accept_Strategy.h
• SSLIOP_Accept_Strategy.cpp

---