Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2014/05/20 18:16:39 UTC
[jira] [Assigned] (TS-2709) ATS doesn't send "close notify" before closing the connection, which breaks the RFC standard and causes some unexpected results
[ https://issues.apache.org/jira/browse/TS-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Call reassigned TS-2709:
------------------------------
Assignee: Bryan Call
> ATS doesn't send "close notify" before closing the connection, which breaks the RFC standard and causes some unexpected results
> ---------------------------------------------------------------------------------------------------------------
>
> Key: TS-2709
> URL: https://issues.apache.org/jira/browse/TS-2709
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: kang li
> Assignee: Bryan Call
> Fix For: 5.0.0
>
>
> ATS directly sends a FIN to the client without sending "close notify" before it. This breaks the RFC standard. This can be easily reproduced by setting
> CONFIG proxy.config.http.keep_alive_enabled_in INT 0
> http://tools.ietf.org/html/rfc5246#section-7.2.1
> 7.2.1. Closure Alerts
> The client and the server must share knowledge that the connection is
> ending in order to avoid a truncation attack. Either party may
> initiate the exchange of closing messages.
> close_notify
> This message notifies the recipient that the sender will not send
> any more messages on this connection. Note that as of TLS 1.1,
> failure to properly close a connection no longer requires that a
> session not be resumed. This is a change from TLS 1.0 to conform
> with widespread implementation practice.
> Either party may initiate a close by sending a close_notify alert.
> Any data received after a closure alert is ignored.
> This causes Safari on Apple devices to send "fatal alert 0" in some conditions. This would generate a lot of "error" logs in diags.log. Apple's SSL library libsecurity_ssl treats unexpected shutdown as a fatal error sometimes.
> ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
--
This message was sent by Atlassian JIRA
(v6.2#6252)
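
For triaging the diags.log noise described in the issue, the following is an added example (not code from the issue or from Traffic Server). It decodes the packed OpenSSL error code in such lines and groups them by the TLS alert the peer sent. It assumes the OpenSSL 1.0.x error-code layout; the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# OpenSSL 1.0.x packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# Reasons at or above this offset mean "the peer sent TLS alert (reason - 1000)".
SSL_AD_REASON_OFFSET = 1000

# Subset of alert descriptions from RFC 5246 section 7.2.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version", 80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(line):
    """Return lib/func/reason and the peer alert (if any) for one log line."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    name = None if alert is None else TLS_ALERTS.get(alert, "alert_%d" % alert)
    return {"lib": lib, "func": func, "reason": reason, "alert": alert, "name": name}


def triage(lines):
    """Count log lines per peer alert; errors that are not alerts go to 'not_an_alert'."""
    counts = Counter()
    for line in lines:
        info = decode_openssl_error(line)
        if info is not None:
            counts[info["name"] or "not_an_alert"] += 1
    return dict(counts)


SAMPLE_LOG = [
    # First line is the one quoted in the issue; the other two are constructed.
    "ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0",
    "ERROR: SSL::45:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40",
    "ERROR: SSL::46:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The `reason(1000)` in the quoted log line decodes to alert 0, which is `close_notify`, matching the "SSL alert number 0" suffix.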