diff options
| author | Ingela Anderton Andin <[email protected]> | 2016-12-22 23:05:10 +0100 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2017-01-17 09:59:22 +0100 |
| commit | 1364c7308e17d43d1a2244e3f2bf11cfec3789ef (patch) | |
| tree | eac3ed9408e6e5873c9821193c0a0ebd4bddf8b6 /lib/ssl/test | |
| parent | 605a4627a7383829559a1595457b860c1317da48 (diff) | |
| download | otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.gz otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.bz2 otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.zip | |
ssl: Handle really big handshake packages
If a handshake message is really big it could happen that the ssl
process would hang due to failing of requesting more data from the
socket. This has been fixed.
Also added option to limit max handshake size. It has a default
value that should be big enough to handle normal usage and small
enough to mitigate DoS attacks.
Diffstat (limited to 'lib/ssl/test')
| -rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 52c1af5b4c..de5895d7ba 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -136,7 +136,8 @@ options_tests() -> honor_server_cipher_order, honor_client_cipher_order, unordered_protocol_versions_server, - unordered_protocol_versions_client + unordered_protocol_versions_client, + max_handshake_size ]. options_tests_tls() -> @@ -3860,6 +3861,29 @@ unordered_protocol_versions_client(Config) when is_list(Config) -> ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg). %%-------------------------------------------------------------------- +max_handshake_size() -> + [{doc,"Test that we can set max_handshake_size to max value."}]. + +max_handshake_size(Config) when is_list(Config) -> + ClientOpts = ssl_test_lib:ssl_options(client_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_opts, Config), + + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, send_recv_result_active, []}}, + {options, [{max_handshake_size, 8388607} |ServerOpts]}]), + Port = ssl_test_lib:inet_port(Server), + + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, send_recv_result_active, []}}, + {options, [{max_handshake_size, 8388607} | ClientOpts]}]), + + ssl_test_lib:check_result(Server, ok, Client, ok). + +%%-------------------------------------------------------------------- server_name_indication_option() -> [{doc,"Test API server_name_indication option to connect."}]. |