diff --git a/lib/connections/relay_dial.go b/lib/connections/relay_dial.go
index 81d29da8d..d8fe3d3e7 100644
--- a/lib/connections/relay_dial.go
+++ b/lib/connections/relay_dial.go
@@ -52,7 +52,7 @@ func (d *relayDialer) Dial(id protocol.DeviceID, uri *url.URL) (IntermediateConn
 tc = tls.Client(conn, d.tlsCfg)
 }
- err = tc.Handshake()
+ err = tlsTimedHandshake(tc)
 if err != nil {
 tc.Close()
 return IntermediateConnection{}, err
diff --git a/lib/connections/relay_listen.go b/lib/connections/relay_listen.go
index 9b00d3e0e..fd8e6faaf 100644
--- a/lib/connections/relay_listen.go
+++ b/lib/connections/relay_listen.go
@@ -85,7 +85,7 @@ func (t *relayListener) Serve() {
 tc = tls.Client(conn, t.tlsCfg)
 }
- err = tc.Handshake()
+ err = tlsTimedHandshake(tc)
 if err != nil {
 tc.Close()
 l.Infoln("TLS handshake (BEP/relay):", err)
diff --git a/lib/connections/service.go b/lib/connections/service.go
index 543fae7c3..9a1d02979 100644
--- a/lib/connections/service.go
+++ b/lib/connections/service.go
@@ -36,7 +36,10 @@ var (
 listeners = make(map[string]listenerFactory, 0)
 )
-const perDeviceWarningRate = 1.0 / (15 * 60) // Once per 15 minutes
+const (
+ perDeviceWarningRate = 1.0 / (15 * 60) // Once per 15 minutes
+ tlsHandshakeTimeout = 10 * time.Second
+)
 // Service listens and dials all configured unconnected devices, via supported
 // dialers. Successful connections are handed to the model.
@@ -607,3 +610,9 @@ func warningFor(dev protocol.DeviceID, msg string) {
 l.Warnln(msg)
 }
 }
+
+func tlsTimedHandshake(tc *tls.Conn) error {
+ tc.SetDeadline(time.Now().Add(tlsHandshakeTimeout))
+ defer tc.SetDeadline(time.Time{})
+ return tc.Handshake()
+}
diff --git a/lib/connections/tcp_dial.go b/lib/connections/tcp_dial.go
index 0df544ebf..d1bf52175 100644
--- a/lib/connections/tcp_dial.go
+++ b/lib/connections/tcp_dial.go
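Review bot: The timeout bounds a stalled handshake in `relayListener.Serve` (lib/connections/relay_listen.go), but it does not stop that handshake from delaying other peers if it runs inline in the loop that accepts connections, which the hunk does not show. If it is inline, every connection queued behind a silent peer waits up to the full `tlsHandshakeTimeout`; the same would apply to `tcpListener.Serve` in tcp_listen.go. Consider moving the handshake into a per-connection goroutine, or record the trade-off above the call with a comment such as `// Handshake is bounded by tlsHandshakeTimeout; a stalled peer delays later accepts by at most that long.` Serve's body starts and ends outside the hunk.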
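Review bot: `tlsTimedHandshake` in lib/connections/service.go discards the error from `tc.SetDeadline`, so if the deadline cannot be set the handshake runs with no timeout, which is the case this helper exists to prevent. Return early instead: `if err := tc.SetDeadline(time.Now().Add(tlsHandshakeTimeout)); err != nil { return err }`. The helper also has no doc comment; `// tlsTimedHandshake runs the TLS handshake under tlsHandshakeTimeout and clears the deadline afterwards, so a silent peer cannot hold the connection open indefinitely.` would record the intent. The deferred `SetDeadline(time.Time{})` also clears any deadline a caller set beforehand, which looks harmless for the call sites in this commit but is worth stating in that comment.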
@@ -40,7 +40,7 @@ func (d *tcpDialer) Dial(id protocol.DeviceID, uri *url.URL) (IntermediateConnec
 }
 tc := tls.Client(conn, d.tlsCfg)
- err = tc.Handshake()
+ err = tlsTimedHandshake(tc)
 if err != nil {
 tc.Close()
 return IntermediateConnection{}, err
diff --git a/lib/connections/tcp_listen.go b/lib/connections/tcp_listen.go
index 35e95c95e..013f919a4 100644
--- a/lib/connections/tcp_listen.go
+++ b/lib/connections/tcp_listen.go
@@ -108,7 +108,7 @@ func (t *tcpListener) Serve() {
 }
 tc := tls.Server(conn, t.tlsCfg)
- err = tc.Handshake()
+ err = tlsTimedHandshake(tc)
 if err != nil {
 l.Infoln("TLS handshake (BEP/tcp):", err)
 tc.Close()