On Thu, 14 Nov 2024 16:50:51 +0100 Sabrina Dubroca wrote:
+To prevent attempting to decrypt incoming records using the wrong key, +decryption will be paused when a KeyUpdate message is received by the +kernel, until the new key has been provided using the TLS_RX socket +option. Any read occurring after the KeyUpdate has been read and +before the new key is provided will fail with EKEYEXPIRED. Poll()'ing +the socket will also sleep until the new key is provided. There is no +pausing on the transmit side.
Thanks for the doc update, very useful. I'm not a socket expert so dunno if suppressing POLLIN is the right thing to do. But a nit on the phrasing - I'd say "poll() will not report any events from the socket until.." ? Could be just me but sleep is a second order effect.