TLS sandboxing

Nils Goroll slink at
Wed Sep 4 06:50:04 UTC 2019

That is an interesting exercise, thank you, Dridi.

For TLS on TCP, I would hope that passing the session key and file descriptor
would work. Have you checked already to which extend this is supported by
existing library code?

Yet with the H3/QUIC madness on the horizon, I am not sure if connect()ing the
SOCK_DGRAM and passing the fd would work. The way I read the QUIC draft,
connections are primarily identified by their ID and migrations need to be
supported. I have made no coding attempt on my own, but my impression was that
the natural implementation the authors had in mind was a recvfrom(2) loop
matching packets based on their connection ID with spoof detection.

So, Dridi, have you had a closer look yet if/how your idea could work with QUIC?

Somehow related: How about having the process owning the private keys also
handle all receives into multiple ringbuffers, somehow similar to vsm, but with
overrun protection?


More information about the varnish-dev mailing list