bpo-29970: Time out SSL handshake if not complete after 10 seconds #4825

Merged: 14 commits, Dec 19, 2017

39 changes: 34 additions & 5 deletions Doc/library/asyncio-eventloop.rst
Expand Up @@ -261,7 +261,7 @@ Tasks
Creating connections
--------------------

.. coroutinemethod:: AbstractEventLoop.create_connection(protocol_factory, host=None, port=None, \*, ssl=None, family=0, proto=0, flags=0, sock=None, local_addr=None, server_hostname=None)
.. coroutinemethod:: AbstractEventLoop.create_connection(protocol_factory, host=None, port=None, \*, ssl=None, family=0, proto=0, flags=0, sock=None, local_addr=None, server_hostname=None, ssl_handshake_timeout=10.0)

Create a streaming transport connection to a given Internet *host* and
*port*: socket family :py:data:`~socket.AF_INET` or
Expand Down Expand Up @@ -325,6 +325,13 @@ Creating connections
to bind the socket to locally. The *local_host* and *local_port*
are looked up using getaddrinfo(), similarly to *host* and *port*.

* *ssl_handshake_timeout* is (for an SSL connection) the time in seconds
to wait for the SSL handshake to complete before aborting the connection.

.. versionadded:: 3.7

The *ssl_handshake_timeout* parameter.

.. versionchanged:: 3.5

On Windows with :class:`ProactorEventLoop`, SSL/TLS is now supported.
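Review bot: The new *ssl_handshake_timeout* bullet for `create_connection` says the connection is aborted but not what the caller awaiting the coroutine observes when that happens, nor what a value passed together with `ssl=None` means. Suggest naming the exception raised on timeout and stating whether the argument is ignored or rejected for non-SSL connections; restating the 10.0 second default from the signature in the bullet would also help readers who go straight to the parameter list.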
Expand Down Expand Up @@ -386,7 +393,7 @@ Creating connections
:ref:`UDP echo server protocol <asyncio-udp-echo-server-protocol>` examples.


.. coroutinemethod:: AbstractEventLoop.create_unix_connection(protocol_factory, path=None, \*, ssl=None, sock=None, server_hostname=None)
.. coroutinemethod:: AbstractEventLoop.create_unix_connection(protocol_factory, path=None, \*, ssl=None, sock=None, server_hostname=None, ssl_handshake_timeout=10.0)

Create UNIX connection: socket family :py:data:`~socket.AF_UNIX`, socket
type :py:data:`~socket.SOCK_STREAM`. The :py:data:`~socket.AF_UNIX` socket
Expand All @@ -404,6 +411,10 @@ Creating connections

Availability: UNIX.

.. versionadded:: 3.7

The *ssl_handshake_timeout* parameter.

.. versionchanged:: 3.7

The *path* parameter can now be a :class:`~pathlib.Path` object.
Expand All @@ -412,7 +423,7 @@ Creating connections
Creating listening connections
------------------------------

.. coroutinemethod:: AbstractEventLoop.create_server(protocol_factory, host=None, port=None, \*, family=socket.AF_UNSPEC, flags=socket.AI_PASSIVE, sock=None, backlog=100, ssl=None, reuse_address=None, reuse_port=None)
.. coroutinemethod:: AbstractEventLoop.create_server(protocol_factory, host=None, port=None, \*, family=socket.AF_UNSPEC, flags=socket.AI_PASSIVE, sock=None, backlog=100, ssl=None, reuse_address=None, reuse_port=None, ssl_handshake_timeout=10.0)

Create a TCP server (socket type :data:`~socket.SOCK_STREAM`) bound to
*host* and *port*.
Expand Down Expand Up @@ -456,6 +467,13 @@ Creating listening connections
set this flag when being created. This option is not supported on
Windows.

* *ssl_handshake_timeout* is (for an SSL server) the time in seconds to wait
for the SSL handshake to complete before aborting the connection.

.. versionadded:: 3.7

The *ssl_handshake_timeout* parameter.

.. versionchanged:: 3.5

On Windows with :class:`ProactorEventLoop`, SSL/TLS is now supported.
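Review bot: The `create_server` bullet for *ssl_handshake_timeout* leaves out the trade-off that the `events.py` docstring in this same change records ("longer timeouts may increase vulnerability to DoS attacks"). Server operators will read this page rather than the abstract-loop docstring, so a sentence saying that raising the value keeps stalled handshakes alive longer belongs here too.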
Expand All @@ -470,7 +488,7 @@ Creating listening connections
The *host* parameter can now be a sequence of strings.


.. coroutinemethod:: AbstractEventLoop.create_unix_server(protocol_factory, path=None, \*, sock=None, backlog=100, ssl=None)
.. coroutinemethod:: AbstractEventLoop.create_unix_server(protocol_factory, path=None, \*, sock=None, backlog=100, ssl=None, ssl_handshake_timeout=10.0)

Similar to :meth:`AbstractEventLoop.create_server`, but specific to the
socket family :py:data:`~socket.AF_UNIX`.
Expand All @@ -481,11 +499,15 @@ Creating listening connections

Availability: UNIX.

.. versionadded:: 3.7

The *ssl_handshake_timeout* parameter.

.. versionchanged:: 3.7

The *path* parameter can now be a :class:`~pathlib.Path` object.

.. coroutinemethod:: BaseEventLoop.connect_accepted_socket(protocol_factory, sock, \*, ssl=None)
.. coroutinemethod:: BaseEventLoop.connect_accepted_socket(protocol_factory, sock, \*, ssl=None, ssl_handshake_timeout=10.0)

Handle an accepted connection.

Expand All @@ -500,8 +522,15 @@ Creating listening connections
* *ssl* can be set to an :class:`~ssl.SSLContext` to enable SSL over the
accepted connections.

* *ssl_handshake_timeout* is (for an SSL connection) the time in seconds to
wait for the SSL handshake to complete before aborting the connection.

When completed it returns a ``(transport, protocol)`` pair.

.. versionadded:: 3.7

The *ssl_handshake_timeout* parameter.

.. versionadded:: 3.5.3


Expand Down
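Review bot: In the `connect_accepted_socket` entry, `.. versionadded:: 3.7` now sits directly above the existing `.. versionadded:: 3.5.3`, so the reader has to work out that 3.5.3 is the method and 3.7 is only the parameter. Suggest keeping 3.5.3 first and recording the parameter with `.. versionchanged:: 3.7`, which is how the *path* change is already marked for `create_unix_connection` in this file.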
63 changes: 39 additions & 24 deletions Lib/asyncio/base_events.py
Expand Up @@ -29,6 +29,7 @@
import warnings
import weakref

from . import constants
from . import coroutines
from . import events
from . import futures
Expand Down Expand Up @@ -293,9 +294,11 @@ def _make_socket_transport(self, sock, protocol, waiter=None, *,
"""Create socket transport."""
raise NotImplementedError

def _make_ssl_transport(self, rawsock, protocol, sslcontext, waiter=None,
*, server_side=False, server_hostname=None,
extra=None, server=None):
def _make_ssl_transport(
self, rawsock, protocol, sslcontext, waiter=None,
*, server_side=False, server_hostname=None,
extra=None, server=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
"""Create SSL transport."""
raise NotImplementedError

Expand Down Expand Up @@ -653,10 +656,12 @@ async def getnameinfo(self, sockaddr, flags=0):
return await self.run_in_executor(
None, socket.getnameinfo, sockaddr, flags)

async def create_connection(self, protocol_factory, host=None, port=None,
*, ssl=None, family=0,
proto=0, flags=0, sock=None,
local_addr=None, server_hostname=None):
async def create_connection(
self, protocol_factory, host=None, port=None,
*, ssl=None, family=0,
proto=0, flags=0, sock=None,
local_addr=None, server_hostname=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
"""Connect to a TCP server.

Create a streaming transport connection to a given Internet host and
Expand Down Expand Up @@ -769,7 +774,8 @@ async def create_connection(self, protocol_factory, host=None, port=None,
f'A Stream Socket was expected, got {sock!r}')

transport, protocol = await self._create_connection_transport(
sock, protocol_factory, ssl, server_hostname)
sock, protocol_factory, ssl, server_hostname,
ssl_handshake_timeout=ssl_handshake_timeout)
if self._debug:
# Get the socket from the transport because SSL transport closes
# the old socket and creates a new SSL socket
Expand All @@ -778,8 +784,10 @@ async def create_connection(self, protocol_factory, host=None, port=None,
sock, host, port, transport, protocol)
return transport, protocol

async def _create_connection_transport(self, sock, protocol_factory, ssl,
server_hostname, server_side=False):
async def _create_connection_transport(
self, sock, protocol_factory, ssl,
server_hostname, server_side=False,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):

sock.setblocking(False)

Expand All @@ -789,7 +797,8 @@ async def _create_connection_transport(self, sock, protocol_factory, ssl,
sslcontext = None if isinstance(ssl, bool) else ssl
transport = self._make_ssl_transport(
sock, protocol, sslcontext, waiter,
server_side=server_side, server_hostname=server_hostname)
server_side=server_side, server_hostname=server_hostname,
ssl_handshake_timeout=ssl_handshake_timeout)
else:
transport = self._make_socket_transport(sock, protocol, waiter)

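Review bot: `ssl_handshake_timeout` is only consumed in the SSL branch of `_create_connection_transport`; the `else` branch calls `self._make_socket_transport(sock, protocol, waiter)` and drops it silently, so a caller who sets a non-default timeout but forgets `ssl=` gets no error. Suggest rejecting that combination (for example a `ValueError` when a timeout is supplied without `ssl`), which needs a `None` default to tell "not supplied" from 10.0, and checking that the value is a positive number before it reaches the transport.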
Expand Down Expand Up @@ -947,15 +956,17 @@ async def _create_server_getaddrinfo(self, host, port, family, flags):
raise OSError(f'getaddrinfo({host!r}) returned empty list')
return infos

async def create_server(self, protocol_factory, host=None, port=None,
*,
family=socket.AF_UNSPEC,
flags=socket.AI_PASSIVE,
sock=None,
backlog=100,
ssl=None,
reuse_address=None,
reuse_port=None):
async def create_server(
self, protocol_factory, host=None, port=None,
*,
family=socket.AF_UNSPEC,
flags=socket.AI_PASSIVE,
sock=None,
backlog=100,
ssl=None,
reuse_address=None,
reuse_port=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
"""Create a TCP server.

The host parameter can be a string, in that case the TCP server is
Expand Down Expand Up @@ -1044,13 +1055,16 @@ async def create_server(self, protocol_factory, host=None, port=None,
for sock in sockets:
sock.listen(backlog)
sock.setblocking(False)
self._start_serving(protocol_factory, sock, ssl, server, backlog)
self._start_serving(protocol_factory, sock, ssl, server, backlog,
ssl_handshake_timeout)
if self._debug:
logger.info("%r is serving", server)
return server

async def connect_accepted_socket(self, protocol_factory, sock,
*, ssl=None):
async def connect_accepted_socket(
self, protocol_factory, sock,
*, ssl=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
"""Handle an accepted connection.

This is used by servers that accept connections outside of
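Review bot: In `create_server`, the call `self._start_serving(protocol_factory, sock, ssl, server, backlog, ssl_handshake_timeout)` passes the new argument positionally, while the other call sites in this file use `ssl_handshake_timeout=ssl_handshake_timeout`. Passing it by keyword here as well keeps the call correct if an event loop's `_start_serving` orders its optional parameters differently.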
Expand All @@ -1063,7 +1077,8 @@ async def connect_accepted_socket(self, protocol_factory, sock,
raise ValueError(f'A Stream Socket was expected, got {sock!r}')

transport, protocol = await self._create_connection_transport(
sock, protocol_factory, ssl, '', server_side=True)
sock, protocol_factory, ssl, '', server_side=True,
ssl_handshake_timeout=ssl_handshake_timeout)
if self._debug:
# Get the socket from the transport because SSL transport closes
# the old socket and creates a new SSL socket
Expand Down
3 changes: 3 additions & 0 deletions Lib/asyncio/constants.py
Expand Up @@ -8,3 +8,6 @@
# The larger the number, the slower the operation in debug mode
# (see extract_stack() in format_helpers.py).
DEBUG_STACK_DEPTH = 10

# Number of seconds to wait for SSL handshake to complete
SSL_HANDSHAKE_TIMEOUT = 10.0
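Review bot: `SSL_HANDSHAKE_TIMEOUT` is used as a default argument value (`ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT`) throughout the other files, so it is read once when each function is defined and changing the constant at runtime will not change the defaults. If it is meant to be tunable, default the parameters to `None` and resolve the constant at call time; if not, say so in the comment, and give the reason for 10 seconds there, since the only rationale on this page is in the `create_server` docstring.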
46 changes: 31 additions & 15 deletions Lib/asyncio/events.py
Expand Up @@ -250,16 +250,20 @@ async def getaddrinfo(self, host, port, *,
async def getnameinfo(self, sockaddr, flags=0):
raise NotImplementedError

async def create_connection(self, protocol_factory, host=None, port=None,
*, ssl=None, family=0, proto=0,
flags=0, sock=None, local_addr=None,
server_hostname=None):
raise NotImplementedError

async def create_server(self, protocol_factory, host=None, port=None,
*, family=socket.AF_UNSPEC,
flags=socket.AI_PASSIVE, sock=None, backlog=100,
ssl=None, reuse_address=None, reuse_port=None):
async def create_connection(
self, protocol_factory, host=None, port=None,
*, ssl=None, family=0, proto=0,
flags=0, sock=None, local_addr=None,
server_hostname=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
raise NotImplementedError

async def create_server(
self, protocol_factory, host=None, port=None,
*, family=socket.AF_UNSPEC,
flags=socket.AI_PASSIVE, sock=None, backlog=100,
ssl=None, reuse_address=None, reuse_port=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
"""A coroutine which creates a TCP server bound to host and port.

The return value is a Server object which can be used to stop
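Review bot: The new defaults in `AbstractEventLoop.create_connection` and `create_server` reference `constants.SSL_HANDSHAKE_TIMEOUT`, but none of the hunks shown for `events.py` adds `from . import constants` the way the `base_events.py` hunk does. Please confirm the module already imports it; default values are evaluated when the class body runs, so a missing import would fail as soon as `asyncio.events` is imported.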
Expand Down Expand Up @@ -294,16 +298,25 @@ async def create_server(self, protocol_factory, host=None, port=None,
the same port as other existing endpoints are bound to, so long as
they all set this flag when being created. This option is not
supported on Windows.

ssl_handshake_timeout is the time in seconds that an SSL server
will wait for completion of the SSL handshake before aborting the
connection. Default is 10s, longer timeouts may increase vulnerability
to DoS attacks (see https://support.f5.com/csp/article/K13834)
"""
raise NotImplementedError

async def create_unix_connection(self, protocol_factory, path=None, *,
ssl=None, sock=None,
server_hostname=None):
async def create_unix_connection(
self, protocol_factory, path=None, *,
ssl=None, sock=None,
server_hostname=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
raise NotImplementedError

async def create_unix_server(self, protocol_factory, path=None, *,
sock=None, backlog=100, ssl=None):
async def create_unix_server(
self, protocol_factory, path=None, *,
sock=None, backlog=100, ssl=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
"""A coroutine which creates a UNIX Domain Socket server.

The return value is a Server object, which can be used to stop
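Review bot: The `create_server` docstring addition reads "Default is 10s, longer timeouts may increase vulnerability to DoS attacks", which hard-codes the value of `constants.SSL_HANDSHAKE_TIMEOUT` and relies on a vendor URL to explain the risk. Suggest splitting the sentence, referring to the constant instead of "10s", and stating the risk in the docstring's own words (clients that connect and stall the handshake hold server resources until the timeout fires) so the text still stands if the link moves.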
Expand All @@ -320,6 +333,9 @@ async def create_unix_server(self, protocol_factory, path=None, *,

ssl can be set to an SSLContext to enable SSL over the
accepted connections.

ssl_handshake_timeout is the time in seconds that an SSL server
will wait for the SSL handshake to complete (defaults to 10s).
"""
raise NotImplementedError

Expand Down
20 changes: 13 additions & 7 deletions Lib/asyncio/proactor_events.py
Expand Up @@ -390,11 +390,15 @@ def _make_socket_transport(self, sock, protocol, waiter=None,
return _ProactorSocketTransport(self, sock, protocol, waiter,
extra, server)

def _make_ssl_transport(self, rawsock, protocol, sslcontext, waiter=None,
*, server_side=False, server_hostname=None,
extra=None, server=None):
ssl_protocol = sslproto.SSLProtocol(self, protocol, sslcontext, waiter,
server_side, server_hostname)
def _make_ssl_transport(
self, rawsock, protocol, sslcontext, waiter=None,
*, server_side=False, server_hostname=None,
extra=None, server=None,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
ssl_protocol = sslproto.SSLProtocol(
self, protocol, sslcontext, waiter,
server_side, server_hostname,
ssl_handshake_timeout=ssl_handshake_timeout)
_ProactorSocketTransport(self, rawsock, ssl_protocol,
extra=extra, server=server)
return ssl_protocol._app_transport
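Review bot: Nothing in the visible hunks for `proactor_events.py` enforces the timeout; `_make_ssl_transport` hands `ssl_handshake_timeout` to `sslproto.SSLProtocol(...)` and the rest depends on that constructor. Suggest a test on the Proactor loop in which the peer connects and never completes the handshake, asserting the transport is aborted after the configured time, and confirm this module imports `constants`, since the new default references it and no import hunk is shown for this file.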
Expand Down Expand Up @@ -487,7 +491,8 @@ def _write_to_self(self):
self._csock.send(b'\0')

def _start_serving(self, protocol_factory, sock,
sslcontext=None, server=None, backlog=100):
sslcontext=None, server=None, backlog=100,
ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):

def loop(f=None):
try:
Expand All @@ -500,7 +505,8 @@ def loop(f=None):
if sslcontext is not None:
self._make_ssl_transport(
conn, protocol, sslcontext, server_side=True,
extra={'peername': addr}, server=server)
extra={'peername': addr}, server=server,
ssl_handshake_timeout=ssl_handshake_timeout)
else:
self._make_socket_transport(
conn, protocol,
Expand Down