The server end appears to be GlobalScape EFT running on a windows server. I will summarize the IBM response:
When SSL is not involved, TCP will normally go through a graceful connection teardown sequence where one side initiates the connection closure by sending out a FIN. The other side acks that FIN and sends out their own FIN... When SSL is involved or when an application is implemented to end the connection with a Reset (using SOLINGER), one side can send out a FIN then the application immediately closes down its socket. Then anything with data comes in after that results in a Reset coming out. When the other side receives the Reset, their TCP immediately cleans up that connection. Using this SSL session as an example, the remote side sends out the FIN. At this point, the application on the remote side seems to have already closed down its socket. When we receive the FIN, SSL layer still needs to send out the SSL alert. Therefore, we are not sending out our FIN just yet because we're still waiting for the ack for the FIN. The remote side then sends back the ack along with the Reset. When we receive the Reset, we clean up the connection without any further communication. -- Donald J. dona...@4email.net On Sat, Aug 9, 2014, at 09:44 AM, Michael Wojcik wrote: > Well, it sounds like someone needs to modify the client, then, if you > want to use SSL/TLS. > > "should return a FIN before RST" is an oversimplification, and possibly > incorrect, depending on what "should" means in this context. There is no > simple explanation of this. > ... -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
