Posted to issues@mesos.apache.org by "Benjamin Mahler (JIRA)" <ji...@apache.org> on 2017/09/01 23:31:02 UTC

[jira] [Created] (MESOS-7933) LibeventSSLSocket downgrade is broken, assumes HTTP.

Benjamin Mahler created MESOS-7933:
--------------------------------------

             Summary: LibeventSSLSocket downgrade is broken, assumes HTTP.
                 Key: MESOS-7933
                 URL: https://issues.apache.org/jira/browse/MESOS-7933
             Project: Mesos
          Issue Type: Bug
          Components: libprocess
            Reporter: Benjamin Mahler


The {{LibeventSSLSocket}}, in order to support downgrades, will peek at the first bytes received in order to figure out if SSL data is being sent.

This was done to allow us to handle both SSL and non-SSL traffic on the same port. However, this peeking assumes HTTP or some other protocol in which the client sends data first (and enough data for us to peek into). And of course, it's possible that some binary protocol happens to collide with what an SSL connection looks like!

This works for HTTP, so currently the {{LibeventSSLSocket}} is essentially an HTTP-only socket. It should not be used for anything else, especially binary traffic, and it won't work if the server needs to send first.



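Added example, not part of the original report and not libprocess code: a generic peek-at-the-first-bytes SSL detector that shows the three outcomes described above (HTTP is classified correctly, a binary frame collides with the SSL pattern, and a short or absent client message leaves the decision pending). The function names, the 6-byte peek length and the sample byte strings are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical names; a generic first-bytes heuristic, not libprocess code.
enum class Peek { NeedMoreData, LooksLikeSSL, Plaintext };

constexpr std::size_t kPeekLen = 6;  // reaches the handshake type byte

Peek classify(const std::vector<uint8_t>& b) {
  // Too little data from the client: no decision is possible. With a
  // server-speaks-first protocol the client is waiting too, so the
  // connection stalls here until something times out.
  if (b.size() < kPeekLen) return Peek::NeedMoreData;

  // TLS record: type 0x16 (handshake), major version 0x03, and
  // handshake message type 0x01 (ClientHello) at offset 5.
  const bool tls = b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01;

  // SSLv2-style ClientHello: high bit of the length set, type 0x01.
  const bool sslv2 = (b[0] & 0x80) != 0 && b[2] == 0x01;

  return (tls || sslv2) ? Peek::LooksLikeSSL : Peek::Plaintext;
}

// Constructed sample inputs (first bytes a client might send).
std::vector<uint8_t> tlsHello() { return {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01}; }
std::vector<uint8_t> httpGet() { return {0x47, 0x45, 0x54, 0x20, 0x2f, 0x20}; }  // "GET / "
// Made-up binary frame: 16-bit length 0x8005 followed by opcode 0x01.
std::vector<uint8_t> binaryFrame() { return {0x80, 0x05, 0x01, 0x00, 0x00, 0x00}; }
std::vector<uint8_t> shortMsg() { return {0x48, 0x49, 0x0a}; }  // "HI\n"

const char* name(Peek p) {
  if (p == Peek::LooksLikeSSL) return "looks like SSL";
  return p == Peek::Plaintext ? "plaintext" : "need more data";
}

int main() {
  std::printf("TLS ClientHello: %s\n", name(classify(tlsHello())));
  std::printf("HTTP GET:        %s\n", name(classify(httpGet())));
  std::printf("binary frame:    %s\n", name(classify(binaryFrame())));
  std::printf("3-byte message:  %s\n", name(classify(shortMsg())));
  return 0;
}
```

The binary frame is plain data, yet it is routed to the SSL handshake path; the 3-byte message never reaches a decision at all.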