VA should set a timeout on challenge connections #226
Milestone
Comments
|
I think this is a bug that we aren't doing it. Also it should be an audit event. |
|
For SimpleHTTPS, we have an HTTP-level timeout, but I think we need to add a TCP-level one. For DVSNI there's no timeout that I see. Per https://groups.google.com/forum/#!topic/golang-nuts/7p61fSVtJ5k, here's what we probably need to do:
|
Merged
jsha
pushed a commit
that referenced
this issue
Nov 28, 2016
This PR updates the `github.com/prometheus/client_golang` dependency to the v0.8.0 release tag. For future note, `godep update github.com/prometheus/client_golang/prometheus/promhttp` doesn't work correctly for this package due to the nesting structure (See tools/godep#164). This can be worked around by using `godep update github.com/prometheus/client_golang/...` instead ¯\\\_(ツ)\_/¯ Per `CONTRIBUTING.md` I verified the unit tests pass: ``` daniel@XXXXXX:~/go/src/github.com/prometheus/client_golang$ git show -s commit c5b7fccd204277076155f10851dad72b76a49317 Merge: a4d14b3 1b26087 Author: Björn Rabenstein <bjoern@rabenste.in> Date: Wed Aug 17 17:48:24 2016 +0200 Merge pull request #226 from prometheus/beorn7/alloc Bring back zero-alloc label-value access for metric vecs daniel@XXXXXX:~/go/src/github.com/prometheus/client_golang$ go test ./... ok github.com/prometheus/client_golang/api/prometheus 0.003s ? github.com/prometheus/client_golang/examples/random [no test files] ? github.com/prometheus/client_golang/examples/simple [no test files] ok github.com/prometheus/client_golang/prometheus 28.661s ok github.com/prometheus/client_golang/prometheus/promhttp 0.013s ok github.com/prometheus/client_golang/prometheus/push 0.007s ```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Otherwise it's possible for servers to stall the connection for a long time and do a resource starvation attack.
The text was updated successfully, but these errors were encountered: