Mitigate TLS matching issues on FreeBSD when X25519Kyber768Draft00 is…

… involved (#252)
mholt · Oct 4, 2024 · bdee6a6 · bdee6a6
1 parent ea27408
commit bdee6a6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/layer4/connection.go b/layer4/connection.go
@@ -137,6 +137,11 @@ func (cx *Connection) Wrap(conn net.Conn) *Connection {
 func (cx *Connection) prefetch() (err error) {
 	var n int
 
+        // TODO: FreeBSD will not match TLS with X25519Kyber768Draft00 based TLS ClientHello.
+        // Adding a short sleep here mitigates this behavior and makes TLS match.
+        // This needs a proper solution in the future.
+        time.Sleep(1 * time.Millisecond)
+
 	// read once
 	if len(cx.buf) < MaxMatchingBytes {
 		free := cap(cx.buf) - len(cx.buf)