Posted to dev@directory.apache.org by "alexander todorov (JIRA)" <ji...@apache.org> on 2015/02/26 14:41:04 UTC
[jira] [Commented] (DIRSTUDIO-1015) Question about the closing of TLS connection in Apache Directory Studio
[ https://issues.apache.org/jira/browse/DIRSTUDIO-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14338396#comment-14338396 ]
alexander todorov commented on DIRSTUDIO-1015:
----------------------------------------------
In the RFC for TLS version 1 I see:
The client and the server must share knowledge that the connection is ending in order to avoid a truncation attack.
Each party is required to send a close_notify alert before closing the write side of the connection.
As I said, by not calling StartTlsResponse.close(), close_notify is not sent.
> Question about the closing of TLS connection in Apache Directory Studio
> -----------------------------------------------------------------------
>
> Key: DIRSTUDIO-1015
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1015
> Project: Directory Studio
> Issue Type: Question
> Reporter: alexander todorov
>
> Hi,
> I am looking in the sources of Apache Directory Studio and I have a question.
> In the class
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper
> I see that in the method disconnect, the connection is closed only by invoking context.close() (context is of type InitialLdapContext).
> My question is:
> In case of using the StartTLS extension, why don't you call StartTlsResponse.close() prior to context.close()?
> StartTlsResponse.close() sends the TLS alert - close_notify.
> Is it safe not to call StartTlsResponse.close()?
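The teardown order the question asks about, written out as an added example; this is not Directory Studio's code and not part of the original message. The class name `StartTlsSession`, the server URL passed as the first argument, and the use of the JVM's default trust settings are assumptions.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/** Hypothetical helper: owns the LDAP context and the StartTLS session layered on it. */
public final class StartTlsSession implements AutoCloseable {
    private final LdapContext context;
    private final StartTlsResponse tls;

    public StartTlsSession(String ldapUrl) throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl); // assumed: a server that supports StartTLS
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse response;
        try {
            response = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            response.negotiate(); // TLS handshake with the default socket factory
        } catch (NamingException | IOException | RuntimeException e) {
            try {
                ctx.close(); // no TLS session was established, so only the context is closed
            } catch (NamingException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
        this.context = ctx;
        this.tls = response;
    }

    public LdapContext context() {
        return context;
    }

    @Override
    public void close() throws NamingException, IOException {
        try {
            tls.close(); // orderly TLS shutdown first; per the issue, this sends close_notify
        } finally {
            context.close(); // then drop the LDAP connection, even if the TLS close failed
        }
    }

    public static void main(String[] args) throws Exception {
        try (StartTlsSession session = new StartTlsSession(args[0])) {
            System.out.println(session.context().getAttributes("")); // read over TLS
        }
    }
}
```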