Added configuration item for handshake timeout on SSL channel (#531)

dsshf · dsoulayrol · commit 6c4c136189ad · 2023-02-08T09:35:17.000+01:00
diff --git a/broker/src/main/java/io/moquette/BrokerConstants.java b/broker/src/main/java/io/moquette/BrokerConstants.java
@@ -78,6 +78,7 @@ public final class BrokerConstants {
     public static final String NETTY_TCP_NODELAY_PROPERTY_NAME = "netty.tcp_nodelay";
     public static final String NETTY_SO_KEEPALIVE_PROPERTY_NAME = "netty.so_keepalive";
     public static final String NETTY_CHANNEL_TIMEOUT_SECONDS_PROPERTY_NAME = "netty.channel_timeout.seconds";
+    public static final String NETTY_CHANNEL_HANDSHAKE_TIMEOUT_SECONDS_PROPERTY_NAME = "netty.channel_handshake_timeout.seconds";
     public static final String NETTY_EPOLL_PROPERTY_NAME = "netty.epoll";
     public static final String NETTY_MAX_BYTES_PROPERTY_NAME = "netty.mqtt.message_size";
     public static final int DEFAULT_NETTY_MAX_BYTES_IN_MESSAGE = 8092;
diff --git a/broker/src/main/java/io/moquette/broker/NewNettyAcceptor.java b/broker/src/main/java/io/moquette/broker/NewNettyAcceptor.java
@@ -133,6 +133,7 @@ public void operationComplete(ChannelFuture future) throws Exception {
     private boolean nettyTcpNodelay;
     private boolean nettySoKeepalive;
     private int nettyChannelTimeoutSeconds;
+    private int nettyChannelHandshakeTimeoutSeconds;
     private int maxBytesInMessage;
 
     private Class<? extends ServerSocketChannel> channelClass;
@@ -145,6 +146,8 @@ public void initialize(NewNettyMQTTHandler mqttHandler, IConfig props, ISslConte
         nettyTcpNodelay = props.boolProp(BrokerConstants.NETTY_TCP_NODELAY_PROPERTY_NAME, true);
         nettySoKeepalive = props.boolProp(BrokerConstants.NETTY_SO_KEEPALIVE_PROPERTY_NAME, true);
         nettyChannelTimeoutSeconds = props.intProp(BrokerConstants.NETTY_CHANNEL_TIMEOUT_SECONDS_PROPERTY_NAME, 10);
+        nettyChannelHandshakeTimeoutSeconds = props.intProp(
+                BrokerConstants.NETTY_CHANNEL_HANDSHAKE_TIMEOUT_SECONDS_PROPERTY_NAME, 10);
         maxBytesInMessage = props.intProp(BrokerConstants.NETTY_MAX_BYTES_PROPERTY_NAME,
                 BrokerConstants.DEFAULT_NETTY_MAX_BYTES_IN_MESSAGE);
 
@@ -414,6 +417,7 @@ public void close() {
     }
 
     private ChannelHandler createSslHandler(SocketChannel channel, SslContext sslContext, boolean needsClientAuth) {
+        SslHandler handler;
         SSLEngine sslEngine = sslContext.newEngine(
                 channel.alloc(),
                 channel.remoteAddress().getHostString(),
@@ -422,6 +426,10 @@ private ChannelHandler createSslHandler(SocketChannel channel, SslContext sslCon
         if (needsClientAuth) {
             sslEngine.setNeedClientAuth(true);
         }
-        return new SslHandler(sslEngine);
+
+        handler = new SslHandler(sslEngine);
+        handler.setHandshakeTimeoutMillis(nettyChannelHandshakeTimeoutSeconds * 1000);
+
+        return handler;
     }
 }
diff --git a/distribution/src/main/resources/moquette.conf b/distribution/src/main/resources/moquette.conf
@@ -141,9 +141,16 @@ password_file config/password_file.conf
 # netty.mqtt.message_size : by default the max size of message is set at 8092 bytes
 # http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836
 # Fore more information about payload size specs.
+#
+# Optional
+# netty.channel_handshake_timeout.seconds:
+#       The number of seconds before the SSL handshake times out. The
+#       value is provided to Netty's SslHandler, and its current
+#       default value is 10.
 #*********************************************************************
 # netty.epoll true
 # netty.mqtt.message_size 8092
+# netty.channel_handshake_timeout.seconds 10
 
 #*********************************************************************
 # Command session queues
