[ https://issues.apache.org/jira/browse/TS-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Call reassigned TS-2709:
------------------------------

    Assignee: Bryan Call

> ATS doesn't send "close notify" before closing the connection, which breaks the RFC standard and causes some unexpected results
> ---------------------------------------------------------------
>
>                 Key: TS-2709
>                 URL: https://issues.apache.org/jira/browse/TS-2709
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: kang li
>            Assignee: Bryan Call
>             Fix For: 5.0.0
>
>
> ATS directly sends a FIN to the client without sending "close notify" before it. This breaks the RFC standard. This can be easily reproduced by setting:
> CONFIG proxy.config.http.keep_alive_enabled_in INT 0
>
> http://tools.ietf.org/html/rfc5246#section-7.2.1
> 7.2.1. Closure Alerts
>    The client and the server must share knowledge that the connection is
>    ending in order to avoid a truncation attack. Either party may
>    initiate the exchange of closing messages.
>    close_notify
>       This message notifies the recipient that the sender will not send
>       any more messages on this connection. Note that as of TLS 1.1,
>       failure to properly close a connection no longer requires that a
>       session not be resumed. This is a change from TLS 1.0 to conform
>       with widespread implementation practice.
>    Either party may initiate a close by sending a close_notify alert.
>    Any data received after a closure alert is ignored.
>
> This causes Safari on Apple devices to send "fatal alert 0" in some conditions. This would generate a lot of "error" logs in diags.log. Apple's SSL library libsecurity_ssl sometimes treats an unexpected shutdown as a fatal error.
> ERROR: SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0

--
This message was sent by Atlassian JIRA (v6.2#6252)
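One way to check a capture for the behaviour reported above, as an added example that is not part of the original report or of Traffic Server: it walks the TLS record headers of the bytes one side sent before its FIN and reports whether an alert record came last. It assumes the TLS 1.2 record layer of RFC 5246, where the record type stays visible after encryption (TLS 1.3 disguises alerts as application data); the function names and sample streams are constructed for illustration.

```python
import struct

# TLS record ContentType values (RFC 5246, section 6.2.1)
ALERT, APPLICATION_DATA = 21, 23
TLS12 = 0x0303

def record(ctype: int, fragment: bytes) -> bytes:
    """Build one TLS 1.2 record (used only to construct the sample streams)."""
    return struct.pack("!BHH", ctype, TLS12, len(fragment)) + fragment

def iter_records(stream: bytes):
    """Yield (content_type, fragment) per record; raise if the stream is cut mid-record."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("stream ends inside a record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        pos += 5
        if len(stream) - pos < length:
            raise ValueError("stream ends inside a record body")
        yield ctype, stream[pos:pos + length]
        pos += length

def classify_close(stream: bytes) -> str:
    """Classify how the sender ended its side, given every byte it sent before FIN."""
    last_type = None
    try:
        for ctype, _fragment in iter_records(stream):
            last_type = ctype
    except ValueError:
        return "truncated-mid-record"
    # After the handshake the alert body is encrypted, so only the record type is
    # visible on the wire; an alert as the final record is what a close_notify looks like.
    return "alert-before-fin" if last_type == ALERT else "fin-without-alert"

# Constructed sample streams (filler bytes stand in for ciphertext).
RESPONSE = record(APPLICATION_DATA, b"\x00" * 40)
WITH_ALERT = RESPONSE + record(ALERT, b"\x00" * 26)
BARE_FIN = RESPONSE            # the behaviour reported in TS-2709
CUT_SHORT = WITH_ALERT[:-3]    # FIN arrives before the last record is complete

if __name__ == "__main__":
    for name, data in [("with alert", WITH_ALERT), ("bare FIN", BARE_FIN), ("cut short", CUT_SHORT)]:
        print(f"{name}: {classify_close(data)}")
```

A receiver that sees "fin-without-alert" cannot tell a finished response from one cut off by an injected FIN, which is the truncation case the quoted RFC section describes.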