2
votes

Part of our application requires removing/adding SSL handlers in our Netty pipeline. We set a timeout on the SSL handshake to try and prevent Slowloris attacks. We're using Netty 4.1.44.Final.

When creating an SslHandler based on a server SSLEngine, we set a 2 second handshake timeout. However, if the channel is idle for 1 second, we will replace the SslHandler with a new one with a client SSLEngine that will be able to successfully handshake. However, the pipeline receives a javax.net.ssl.SSLException: handshake timed out from the original SslHandler.

Is there a better way to do this dynamic replacement of SslHandlers that allows setting a handshake timeout?

1
I raised a Netty issue regarding this issue - github.com/netty/netty/issues/10158 - BenD10

1 Answer

0
votes

As mentioned in the Netty bug tracker, this is a bug.