SSL trouble

[Andrew Loewenstern]

Bill Stewart writes:
>  The main failure mode seems to have been misconfigured clients
>  grabbing the single-threaded server for a long time; it may be
>  worth using a multi-threaded server, or alternatively a
>  single-threaded server that has a fast timeout for how long it will
>  talk to a client.

Single-user is just plain silly.  With a fast timeout you still have problems  
with misconfigured clients hogging the server and legitimate clients that are  
running a little slow will also have problems.  The server in the second  
challenge did have a fast timeout (it was too fast to easily query the server  
by hand, for instance) and it still wasn't adequate.  I can't imagine making  
the timeout smaller.  multi-user is the only way to go...

andrew