Hold off flushing NewSessionTicket until write.
In TLS 1.3, if the client doesn't read from the server, the server might hang
from a filled buffer while waiting for the client to read. Instead we avoid
flushing the NewSessionTicket until there is a write from the server.
Update-Note: This delays the flushing of the NewSessionTicket until the first
write. Consumers may need to force an empty write to send the tickets if they
aren't writing any data to the client.
Change-Id: Iec92043567e9a68c0a250533b7745eddeeae2341
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/34948
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index caaf0c7..13a89c0 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -950,7 +950,15 @@
}
hs->tls13_state = state_done;
- return sent_tickets ? ssl_hs_flush : ssl_hs_ok;
+ // In TLS 1.3, the NewSessionTicket isn't flushed until the server performs a
+ // write, to prevent a non-reading client from causing the server to hang in
+ // the case of a small server write buffer. Consumers which don't write data
+ // to the client will need to do a zero-byte write if they wish to flush the
+ // tickets.
+ if (hs->ssl->ctx->quic_method != nullptr && sent_tickets) {
+ return ssl_hs_flush;
+ }
+ return ssl_hs_ok;
}
enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
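Review bot: the new comment explains why the non-QUIC path returns `ssl_hs_ok`, but it does not say why the `hs->ssl->ctx->quic_method != nullptr` branch still returns `ssl_hs_flush`; add a sentence next to the `if` stating the reason for the QUIC exemption (for example, that QUIC consumers never perform the TLS-layer write that would otherwise trigger the flush, so the tickets would never be delivered), since a reader of this function cannot recover that from the Update-Note. Also consider recording the zero-byte-write requirement in the public API documentation, not only in this in-code comment and the commit message, as that is where a consumer that stops writing after the handshake would look to learn that tickets are now deferred.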