I've encountered a number of issues in which clients fail to reuse connections, or many clients are reconnect in parallel in such a way that overwhelms an Undertow server with many concurrent or successive handshakes, draining entropy and spiking CPU utilization.

This class of issue isn't unique to Undertow, however it would be helpful to expose a minimal API that would allow users to experiment with solutions. I would like to try imposing a concurrency limit and rate limit on handshakes, and reject (or close) new incoming connections similar to Options.CONNECTION_HIGH_WATER when limits have been exceeded.

A handshake timeout could be helpful, as well as the ability to provide a distinct Executor to SslConduit for delegated tasks, where we could measure time spent per handshake as well as limiting concurrent delegated tasks separately from the worker pool.

Is this something others have experimented with? I'd be happy to write an outline for a potential approach if we're in agreement that the concept is sound.

Thanks!