From 8c4bbc025e66f05a0db74bcecc955e5c4842fb29 Mon Sep 17 00:00:00 2001
From: Mike Luu
Date: Mon, 23 Aug 2021 14:52:04 -0700
Subject: [PATCH] Allow setting timeout during TLS Handshake Buggy clients might never respond during the TLS handshake phase. This change adds a config setting to set a read timeout before calling handshake. I think the handshake involves multiple reads but this setting should help with clients who never respond.
---
 server.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/server.go b/server.go
index 352597b..5dfbee5 100644
--- a/server.go
+++ b/server.go
@@ -38,6 +38,7 @@ type Server struct {
 handler Handler
 lastError error
 readTimeoutMilliseconds int64
+ tlsHandshakeTimeout time.Duration
 tlsPeerNameFunc TlsPeerNameFunc
 datagramPool sync.Pool
 }
@@ -66,6 +67,10 @@ func (s *Server) SetTimeout(millseconds int64) {
 s.readTimeoutMilliseconds = millseconds
 }
 
+func (s *Server) SetTlsHandshakeTimeout(d time.Duration) {
+ s.tlsHandshakeTimeout = d
+}
+
 // Set the function that extracts a TLS peer name from the TLS connection
 func (s *Server) SetTlsPeerNameFunc(tlsPeerNameFunc TlsPeerNameFunc) {
 s.tlsPeerNameFunc = tlsPeerNameFunc
@@ -206,6 +211,9 @@ func (s *Server) goScanConnection(connection net.Conn) {
 tlsPeer := ""
 if tlsConn, ok := connection.(*tls.Conn); ok {
 // Handshake now so we get the TLS peer information
+ if s.tlsHandshakeTimeout > 0 {
+ tlsConn.SetDeadline(time.Now().Add(s.tlsHandshakeTimeout))
+ }
 if err := tlsConn.Handshake(); err != nil {
 connection.Close()
 return
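Review bot: SetTlsHandshakeTimeout is exported without a doc comment, and the meaning of a zero value can only be learned by reading the `> 0` check in goScanConnection. A comment such as `// SetTlsHandshakeTimeout bounds the TLS handshake on accepted connections; zero (the default) leaves it unbounded.` would tell operators that a listener reachable by unresponsive clients keeps stalled handshakes open unless they call it. The field is written without synchronization, so the comment should probably also say to call the setter before the server starts accepting connections; whether that matters depends on code outside this hunk.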
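Review bot: The deadline set before `tlsConn.Handshake()` is never cleared, and `SetDeadline` applies to every later read and write on the connection, not only to the handshake. Unless code after this hunk resets it (goScanConnection continues outside the hunk), a connection that completes the handshake would start failing I/O once the handshake timeout elapses, for example when no read timeout is configured. After a successful handshake, reset it with `tlsConn.SetDeadline(time.Time{})`. The error returned by `SetDeadline` is also dropped; handling a failure the same way as a handshake failure (`connection.Close()` then `return`) would keep the timeout from being silently skipped.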