Alternative TLS implementation in Go
0d94116736
This change causes TLS handshake messages to be buffered and written in a single Write to the underlying net.Conn. There are two reasons to want to do this: Firstly, it's slightly preferable to do this in order to save sending several, small packets over the network where a single one will do. Secondly, since 37c28759ca46cf381a466e32168a793165d9c9e9 errors from Write have been returned from a handshake. This means that, if a peer closes the connection during a handshake, a “broken pipe” error may result from tls.Conn.Handshake(). This can mask any, more detailed, fatal alerts that the peer may have sent because a read will never happen. Buffering handshake messages means that the peer will not receive, and possibly reject, any of a flow while it's still being written. Fixes #15709 Change-Id: I38dcff1abecc06e52b2de647ea98713ce0fb9a21 Reviewed-on: https://go-review.googlesource.com/23609 Reviewed-by: Andrew Gerrand <adg@golang.org> Run-TryBot: Andrew Gerrand <adg@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> |
||
|---|---|---|
| testdata | ||
| alert.go | ||
| cipher_suites.go | ||
| common.go | ||
| conn_test.go | ||
| conn.go | ||
| example_test.go | ||
| generate_cert.go | ||
| handshake_client_test.go | ||
| handshake_client.go | ||
| handshake_messages_test.go | ||
| handshake_messages.go | ||
| handshake_server_test.go | ||
| handshake_server.go | ||
| handshake_test.go | ||
| key_agreement.go | ||
| prf_test.go | ||
| prf.go | ||
| ticket.go | ||
| tls_test.go | ||
| tls.go | ||