maskit commented on issue #12473:
URL:
https://github.com/apache/trafficserver/issues/12473#issuecomment-3250584364
Although closing the both side of the connections doesn't seem to be correct
and that should be fixed, returning `false` from `allow_half_open()` on HTTPS
connection is no longer always correct either. TLS 1.3 has half-open concept
unlike the older versions.
> Each party MUST send a "close_notify" alert before closing its write
side of the connection, unless it has already sent some error alert.
This does not have any effect on its read side of the connection.
Note that this is a change from versions of TLS prior to TLS 1.3 in
which implementations were required to react to a "close_notify" by
discarding pending writes and sending an immediate "close_notify"
alert of their own.
https://datatracker.ietf.org/doc/html/rfc8446#section-6.1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
