On 09/16/2015 01:51 PM, Henrik Grubbström wrote:
> On Wed, Sep 16, 2015 at 12:02 PM, Florian Weimer <fwei...@redhat.com> wrote:
>> On 09/15/2015 06:29 PM, Nico Williams wrote:
> [...]
>>>
>>> But if you have a fatal error you'll be closing immediately anyways.
>>> Does sending the fatal alert cause a problem other than increase the
>>> likelihood of RSTs? What is the alternative considering that the next
>>> step is to close the connection anyways?
>>
>> I'm trying to explain that any requirement to send fatal alerts will be
>> difficult to implement. With the BSD sockets API, the only way to do
>> that reliably is *not* to close the socket immediately, which is
>> apparently not what you (or existing APIs) expect, and which is where
>> the difficulty lies.
>
> What about SO_LINGER?

With full-duplex connections, it does not make a difference. TCP will
still detect a data loss event, send the RST segment, and discard the
queued fatal alert.

--
Florian Weimer / Red Hat Product Security

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
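
An added example, not part of the original message and not taken from any TLS library: one way to do what the thread describes as not closing the socket immediately, using the BSD sockets API. The function name `send_alert_then_close` and its timeout parameter are hypothetical; it assumes a blocking stream socket and a platform that provides `MSG_NOSIGNAL`.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Write a fatal alert, then close without leaving unread peer data behind,
 * since close() with a non-empty receive queue is what makes TCP send RST.
 * Returns the number of peer bytes read and discarded, or -1 if the alert
 * could not be written. fd is closed in every case. timeout_ms bounds each
 * wait for more peer data or the peer's FIN. */
long send_alert_then_close(int fd, const unsigned char *alert, size_t len,
                           int timeout_ms)
{
    long discarded = 0;
    size_t off = 0;

    while (off < len) {
        ssize_t n = send(fd, alert + off, len - off, MSG_NOSIGNAL);
        if (n < 0) {
            if (errno == EINTR) continue;
            close(fd);
            return -1;
        }
        off += (size_t)n;
    }
    /* Half-close: our FIN follows the alert, the read side stays open. */
    if (shutdown(fd, SHUT_WR) < 0) { close(fd); return -1; }

    /* Drain until the peer's FIN so close() finds an empty receive queue. */
    for (;;) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        unsigned char buf[4096];
        int r = poll(&p, 1, timeout_ms);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) break;            /* timeout or poll error: stop waiting */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;            /* 0 = peer's FIN, <0 = reset or error */
        discarded += n;
    }
    close(fd);
    return discarded;
}
```

If the timeout expires while the peer is still sending, the final `close()` can still produce a RST, so the drain only narrows the window in which the alert is lost.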