TAO::SSLIOP::Accept_Strategy Class Reference

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation. More...

#include <SSLIOP_Accept_Strategy.h>

Inheritance diagram for TAO::SSLIOP::Accept_Strategy:

Inheritance graph
Collaboration diagram for TAO::SSLIOP::Accept_Strategy:

Collaboration graph
List of all members.

Public Member Functions

 Accept_Strategy (TAO_ORB_Core *orb_core, const ACE_Time_Value &timeout)
virtual int accept_svc_handler (handler_type *svc_handler)

Private Attributes

const ACE_Time_Value timeout_
 The accept() timeout.

Detailed Description

SSLIOP-specific accept strategy that builds on the TAO_Accept_Strategy implementation.

This accept strategy builds on on the TAO_Accept_Strategy implementation. It sub-classes that class, and overrides the accept_svc_handler() method so that a timeout value may be passed to the underlying peer acceptor. This is necessary to defend against a simple Denial-of-Service attack.

Since SSL requires two handshakes, one TCP and one SSL, it is possible for a malicious client to establish a TCP connection to the SSL port, and never complete the SSL handshake. The underlying SSL passive connection code would block/hang waiting for the SSL handshake to complete. Given enough incomplete connections where only the TCP handshake is completed, a server process could potentially run out of available file descriptors, thus preventing legitimate client connections from being established.
The timeout defense alluded to above bounds the time this sort of DoS attack lasts.

Constructor & Destructor Documentation

TAO::SSLIOP::Accept_Strategy::Accept_Strategy TAO_ORB_Core orb_core,
const ACE_Time_Value timeout


Member Function Documentation

int TAO::SSLIOP::Accept_Strategy::accept_svc_handler handler_type svc_handler  )  [virtual]

Overridden method that forces a passive connection timeout value to be passed to the underlying acceptor.

Member Data Documentation

const ACE_Time_Value TAO::SSLIOP::Accept_Strategy::timeout_ [private]

The accept() timeout.

This timeout includes the overall time to complete the SSL handshake. This includes both the TCP handshake and the SSL handshake.

The documentation for this class was generated from the following files:
Generated on Wed Nov 23 16:31:13 2005 for TAO_SSLIOP by  doxygen 1.4.5