[openssl-users] Shutdown details

Jordan Brown openssl at jordan.maileater.net
Mon Aug 13 18:13:05 UTC 2018


On 8/12/2018 12:59 PM, Viktor Dukhovni wrote:
> Which is a change from previously required behaviour:
>
>    https://tools.ietf.org/html/rfc8446#section-6.1
>
>    Each party MUST send a "close_notify" alert before closing its write
>    side of the connection, unless it has already sent some error alert.
>    This does not have any effect on its read side of the connection.
>    Note that this is a change from versions of TLS prior to TLS 1.3 in
>    which implementations were required to react to a "close_notify" by
>    discarding pending writes and sending an immediate "close_notify"
>    alert of their own.  That previous requirement could cause truncation
>    in the read side.  Both parties need not wait to receive a
>    "close_notify" alert before closing their read side of the
>    connection, though doing so would introduce the possibility of
>    truncation.

I'm curious:  how did this ever work for HTTPS, where for a POST request
you have to see the end of the request body before you can (in general)
send the response?

-- 
Jordan Brown, Oracle Solaris
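
Added example (not part of the original message, and not OpenSSL code): a toy Python model, with no real TLS or networking, of the two close_notify rules in the RFC 8446 text quoted above. The names `Endpoint` and `half_close_exchange` are hypothetical; the scenario assumes a peer that sends its request and then a close_notify while the other side still has response data queued.

```python
from dataclasses import dataclass, field

CLOSE_NOTIFY = "close_notify"  # stands in for the alert record; no real TLS here


@dataclass
class Endpoint:
    legacy: bool                                  # True: pre-1.3 rule, False: TLS 1.3 rule
    pending: list = field(default_factory=list)   # application data queued, not yet sent
    wire: list = field(default_factory=list)      # records sent to the peer, in order
    write_closed: bool = False

    def queue(self, data: bytes) -> None:
        if self.write_closed:
            raise RuntimeError("write side already closed")
        self.pending.append(data)

    def close_write(self) -> None:
        # Orderly close: flush queued data, then send close_notify.
        self.wire.extend(self.pending)
        self.pending.clear()
        self.wire.append(CLOSE_NOTIFY)
        self.write_closed = True

    def on_close_notify(self) -> None:
        # The peer has closed its write side.
        if self.legacy and not self.write_closed:
            # Pre-1.3 rule: discard pending writes, reply with close_notify at once.
            self.pending.clear()
            self.wire.append(CLOSE_NOTIFY)
            self.write_closed = True
        # TLS 1.3 rule: the write side is unaffected.


def half_close_exchange(legacy: bool):
    """Return (data the half-closing peer reads back, whether it ends in close_notify)."""
    server = Endpoint(legacy)
    server.queue(b"HTTP/1.1 200 OK\r\n")   # constructed response, queued but unsent
    server.on_close_notify()               # the peer's close_notify arrives first
    if not server.write_closed:            # only possible under the TLS 1.3 rule
        server.queue(b"\r\nbody")
        server.close_write()
    data = b"".join(r for r in server.wire if isinstance(r, bytes))
    return data, server.wire[-1] is CLOSE_NOTIFY


if __name__ == "__main__":
    for legacy in (True, False):
        print("pre-1.3" if legacy else "TLS 1.3", half_close_exchange(legacy))
```

Under the pre-1.3 rule the model returns no response data even though the exchange ends with a close_notify; under the TLS 1.3 rule the full response arrives before the close.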
