Fix for issue 4229: Removed call to getHostName for now to prevent the conn...

boli

18.32.2009 556c5bc192b91d7c7423ac8f5769369818862d62

Fix for issue 4229: Removed call to getHostName for now to prevent the connection handler thread from hanging and causting potential DoS attacks.

 opends/src/server/org/opends/server/extensions/TLSByteChannel.java

@@ -96,9 +96,16 @@

        this.socketChannel = socketChannel;
        this.connection = c;
        String hostName = socketChannel.socket().getInetAddress().getHostName();
        int port = socketChannel.socket().getPort();
        sslEngine = sslContext.createSSLEngine(hostName, port);
      // getHostName could potentially be very expensive and could block
      // the connection handler for several minutes. (See issue 4229)
      // Accepting new connections should be done in a seperate thread to
      // avoid blocking new connections. Just remove for now to prevent
      // potential DoS attacks. SSL sessions will not be reused and some
      // cipher suites (such as Kerberos) will not work.
      //String hostName = socketChannel.socket().getInetAddress().getHostName();
      //int port = socketChannel.socket().getPort();
      //sslEngine = sslContext.createSSLEngine(hostName, port);
        sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        Set<String> protocols = config.getSSLProtocol();
        if (!protocols.isEmpty())