Working on a small server application using SSLServerSocket to accept() incoming connections, it seems that incomplete SSL negotiation can completely block incoming connections. It seems that each un-negotiated connection occupies one backlog slot - so once you have 50 or so connections that haven't yet completed negotiations no new users are able to connect. These incomplete connections don't seem to time out by default either.

Is there any easy way to change this in my code so that SSL negotiation must be completed within 10 seconds or it fails?