Posted to issues@trafficserver.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2015/03/26 21:18:53 UTC
[jira] [Commented] (TS-2709) ATS doesn't send "close notify" before
closing the connection, which breaks the RFC standard and causes some unexpected results
[ https://issues.apache.org/jira/browse/TS-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382577#comment-14382577 ]
ASF subversion and git services commented on TS-2709:
-----------------------------------------------------
Commit 03734d05e28af8a7b105a0579056c913fb5d1bc5 in trafficserver's branch refs/heads/master from shinrich
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=03734d0 ]
TS-2709: ATS does not send close-notify on shutdown.
> ATS doesn't send "close notify" before closing the connection, which breaks the RFC standard and causes some unexpected results
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: TS-2709
> URL: https://issues.apache.org/jira/browse/TS-2709
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: kang li
> Assignee: Bryan Call
> Fix For: 5.0.0
>
>
> ATS directly sends FIN to the client without sending "close notify" before it. This breaks the RFC standard. This can be easily reproduced by setting
> CONFIG proxy.config.http.keep_alive_enabled_in INT 0
> http://tools.ietf.org/html/rfc5246#section-7.2.1
> 7.2.1. Closure Alerts
> The client and the server must share knowledge that the connection is
> ending in order to avoid a truncation attack. Either party may
> initiate the exchange of closing messages.
> close_notify
> This message notifies the recipient that the sender will not send
> any more messages on this connection. Note that as of TLS 1.1,
> failure to properly close a connection no longer requires that a
> session not be resumed. This is a change from TLS 1.0 to conform
> with widespread implementation practice.
> Either party may initiate a close by sending a close_notify alert.
> Any data received after a closure alert is ignored.
> This causes Safari on Apple devices to send "fatal alert 0" in some conditions. This would generate a lot of "error" logs in diags.log. Apple's SSL library libsecurity_ssl treats unexpected shutdown as a fatal error at times.
> ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
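Added example, not part of the original message or of the Traffic Server code: a small decoder for the OpenSSL error line quoted in the issue, useful when triaging diags.log. It assumes the OpenSSL 1.0.x packed error layout (8-bit library, 12-bit function, 12-bit reason) and that peer alerts are reported as reason 1000 plus the alert description; the second and third sample lines are constructed, and the names decode and triage are hypothetical.

```python
import re

# RFC 5246 section 7.2 alert descriptions (subset).
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          46: "certificate_unknown", 48: "unknown_ca", 80: "internal_error"}
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # OpenSSL adds this to an alert received from the peer
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

SAMPLE = [
    # Line quoted in TS-2709.
    "ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0",
    # Constructed: a peer handshake_failure alert.
    "ERROR: SSL::45:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40",
    # Constructed: a local libssl error that is not a peer alert.
    "ERROR: SSL::46:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:348:",
]

def decode(line):
    """Unpack the 32-bit error code and, for peer alerts, name the alert."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    # Alert descriptions are one byte, so peer alerts occupy reasons 1000..1255.
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET <= reason <= SSL_AD_REASON_OFFSET + 255:
        alert = reason - SSL_AD_REASON_OFFSET
    name = ALERTS.get(alert, "unknown") if alert is not None else None
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "alert_name": name}

def triage(lines):
    """Separate close_notify alerts (description 0) from all other peer alerts."""
    closure, other = [], []
    for line in lines:
        d = decode(line)
        if d is None or d["alert"] is None:
            continue  # not an OpenSSL line, or not a peer alert
        (closure if d["alert"] == 0 else other).append(d)
    return closure, other

if __name__ == "__main__":
    for entry in SAMPLE:
        print(decode(entry))
```

The line from the issue decodes to library 20, function 148, reason 1000, which is alert description 0, the value RFC 5246 assigns to close_notify.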