| Ticket Hash: | b9d780ee7ec207120b2e586b489dd7985c7372ef | ||
| Title: | server socket doesn't reply close_notify | ||
| Status: | Closed | Type: | Incident |
| Severity: | Critical | Priority: | Immediate |
| Subsystem: | | Resolution: | Fixed |
| Last Modified: | 2025-10-11 22:20:40 (19.0 days ago) | Created: | 2023-06-21 18:22:53 (2.36 years ago) |
| Version Found In: | tls1.7.21 | ||
| User Comments: | ||||
anonymous added on 2023-06-21 18:22:53:
package require Tcl 8.5.13

Steps:
- Opening server tls socket (tls::socket)
- Client connects and tls1.3 handshake completes successfully
- Data exchanged
- Server tls socket closed (close)
- close_notify received from client
- Server sent [ACK]
- Client sent [FIN, ACK]
- Server sent [ACK]
- Server sent [RST, ACK]

Questions:
1) no response to close_notify sent by server? expected?
2) if disabled tls1.3 (i.e. set to false), then also no response to close_notify sent by server? expected?
3) how to fix so that server will respond to client's close_notify

bohagan added on 2025-10-11 22:20:40:
This is fixed in [1505883e4a18b50e] and [cbeb34c75f0f49c7]. We now detect an EOF due to close_notify from the peer via the SSL_ERROR_ZERO_RETURN status. We also now send the close_notify as part of SSL_shutdown in the TlsIO.c close function. So, when the server closes the connection, the close_notify will be sent to the client.