Opened 5 years ago
Closed 5 years ago
#2221 closed defect (fixed)
When using OpenSSL as TLS backend, close notify alert is not sent before closing the connection
| Reported by: | riza | Owned by: | riza |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.10 |
| Component: | pjlib | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description
Before closing a connection, a close notify alert must be sent to avoid a truncation attack, as stated in RFC 5246:

> 7.2.1. Closure Alerts
>
> The client and the server must share knowledge that the connection is ending in order to avoid a truncation attack. Either party may initiate the exchange of closing messages.
Currently, the close notify alert is not sent before the connection is closed.
Thanks to Peter Koletzki for the report.
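One way to check from a packet capture whether an endpoint sends a closing alert, as an added example that is not part of the ticket or of pjlib's code: it walks the TLS 1.2 records one side sent up to TCP FIN and reports whether the last complete record was an alert. The function name, result enum and sample bytes are assumptions made for illustration. After the handshake the alert body is encrypted, so only the record type is visible, and in TLS 1.3 the type is hidden as well.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS record content types (RFC 5246, section 6.2.1). */
enum { REC_ALERT = 21, REC_APPDATA = 23 };

/* Hypothetical result type for this example. */
typedef enum {
    END_ALERT,       /* last complete record before EOF was an alert */
    END_NO_ALERT,    /* stream ended after a non-alert record (or was empty) */
    END_MID_RECORD   /* stream ended inside a record header or body */
} stream_end_t;

/* Walk the records of one direction of a captured TLS 1.2 byte stream
 * (everything that side sent up to TCP FIN) and classify how it ended.
 * Record header: type (1 byte), version (2 bytes), length (2 bytes). */
stream_end_t classify_stream_end(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int last_type = -1;

    while (off < len) {
        if (len - off < 5)
            return END_MID_RECORD;               /* incomplete header */
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (len - off - 5 < rec_len)
            return END_MID_RECORD;               /* body cut short */
        last_type = buf[off];
        off += 5 + rec_len;
    }
    return last_type == REC_ALERT ? END_ALERT : END_NO_ALERT;
}

/* Constructed samples: record bodies are filler standing in for ciphertext. */
static const uint8_t sample_no_alert[] = {
    23, 3, 3, 0, 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_with_alert[] = {
    23, 3, 3, 0, 4, 0xde, 0xad, 0xbe, 0xef,
    21, 3, 3, 0, 4, 0xaa, 0xbb, 0xcc, 0xdd };

int main(void)
{
    printf("no alert:   %d\n",
           (int)classify_stream_end(sample_no_alert, sizeof sample_no_alert));
    printf("with alert: %d\n",
           (int)classify_stream_end(sample_with_alert, sizeof sample_with_alert));
    return 0;
}
```

An `END_ALERT` result shows only that some alert record closed the stream; confirming it is close notify requires decrypting the record.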
Change History (1)
comment:1 Changed 5 years ago by riza
- Owner set to riza
- Resolution set to fixed
- Status changed from new to closed
In 6054: