author: Victor Stinner <victor.stinner@gmail.com> 2015-04-06 20:46:13 (GMT)
committer: Victor Stinner <victor.stinner@gmail.com> 2015-04-06 20:46:13 (GMT)
commit: 146907081c63f4dfbf77ffc77cf50516a3ad4495
tree: 8e482a821b3d2de2899fba4c04d6bb575db00d76 /Doc/library/ssl.rst
parent: 222dfc7d94a785bd710642a8917aefa70e1ea714
Issue #23853: Methods of SSL socket don't reset the socket timeout anymore each time bytes are received or sent. The socket timeout is now the maximum total duration of the method. This change fixes a denial of service if the application is regularly interrupted by a signal and the signal handler does not raise an exception.
Diffstat (limited to 'Doc/library/ssl.rst')
-rw-r--r-- Doc/library/ssl.rst 18
1 files changed, 18 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index ef8540c..ccaa183 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -830,6 +830,11 @@ SSL Sockets
.. versionchanged:: 3.5
The :meth:`sendfile` method was added.
+ .. versionchanged:: 3.5
+ The :meth:`shutdown` does not reset the socket timeout each time bytes
+ are received or sent. The socket timeout is now to maximum total duration
+ of the shutdown.
+
SSL sockets also have the following additional methods and attributes:
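Review bot: the second sentence of the added shutdown note reads "The socket timeout is now to maximum total duration of the shutdown", where "to" should be "the". The first sentence also drops a noun and describes a behaviour change in the present tense; "The :meth:`shutdown` method no longer resets the socket timeout each time bytes are received or sent" matches the wording of the commit message and makes clear that the earlier behaviour was different.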
@@ -845,6 +850,11 @@ SSL sockets also have the following additional methods and attributes:
As at any time a re-negotiation is possible, a call to :meth:`read` can also
cause write operations.
+ .. versionchanged:: 3.5
+ The socket timeout is no more reset each time bytes are received or sent.
+ The socket timeout is now to maximum total duration to read up to *len*
+ bytes.
+
.. method:: SSLSocket.write(buf)
Write *buf* to the SSL socket and return the number of bytes written. The
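Review bot: the added read note does not say whether the total duration includes the write operations that the preceding context sentence says a re-negotiation can trigger. Since the commit message describes the timeout as the maximum total duration of the method, stating that explicitly here would remove the doubt. The phrasing also needs a pass: "is no more reset" should be "is no longer reset", and "is now to maximum" should be "is now the maximum".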
@@ -856,6 +866,10 @@ SSL sockets also have the following additional methods and attributes:
As at any time a re-negotiation is possible, a call to :meth:`write` can
also cause read operations.
+ .. versionchanged:: 3.5
+ The socket timeout is no more reset each time bytes are received or sent.
+ The socket timeout is now to maximum total duration to write *buf*.
+
.. note::
The :meth:`~SSLSocket.read` and :meth:`~SSLSocket.write` methods are the
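Review bot: "the maximum total duration to write *buf*" in the added write note is ambiguous next to the method description, which says the call returns the number of bytes written. A reader cannot tell whether the timeout bounds one call to :meth:`write` or the delivery of the whole buffer across several calls; wording such as "the maximum total duration of the call" would settle it. The "no more reset" and "now to maximum" slips from the earlier notes are repeated here.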
@@ -877,6 +891,10 @@ SSL sockets also have the following additional methods and attributes:
:attr:`~SSLContext.check_hostname` attribute of the socket's
:attr:`~SSLSocket.context` is true.
+ .. versionchanged:: 3.5
+ The socket timeout is no more reset each time bytes are received or sent.
+ The socket timeout is now to maximum total duration of the handshake.
+
.. method:: SSLSocket.getpeercert(binary_form=False)
If there is no certificate for the peer on the other end of the connection,
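Review bot: the added handshake note states the new bound but not what the caller sees when the handshake exceeds it. This is the note most readers will consult when relying on the timeout to bound a handshake, so a sentence naming the exception raised on expiry would make it actionable. As in the other hunks, "is no more reset" should be "is no longer reset" and "is now to maximum total duration" should be "is now the maximum total duration".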