Know your SCM_RIGHTS
In 2018, Vlad Krasnov discussed how Cloudflare implemented TLS 1.3 on top of the Go TLS library and made a Go replica of nginx-ssl (go-ssl). The challenge was to make two different processes written in two different programming languages share the same TCP socket. They used Linux's SCM_RIGHTS feature, which allows passing file descriptors between applications using UNIX-domain sockets. This method enabled Cloudflare to implement TLS 1.3 without affecting customers or clients who did not enable it and allowed for quick iteration and frequent releases.
Company
Cloudflare
Date published
Nov. 29, 2018
Author(s)
Vlad Krasnov
Word count
1728
Hacker News points
None found.
Language
English