/plushcap/analysis/cloudflare/know-your-scm_rights

Know your SCM_RIGHTS

What's this blog post about?

In 2018, Vlad Krasnov discussed how Cloudflare implemented TLS 1.3 on top of the Go TLS library and made a Go replica of nginx-ssl (go-ssl). The challenge was to make two different processes written in two different programming languages share the same TCP socket. They used Linux's SCM_RIGHTS feature, which allows passing file descriptors between applications using UNIX-domain sockets. This method enabled Cloudflare to implement TLS 1.3 without affecting customers or clients who did not enable it and allowed for quick iteration and frequent releases.

Company
Cloudflare

Date published
Nov. 29, 2018

Author(s)
Vlad Krasnov

Word count
1728

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.