Opened 5 years ago

Closed 5 years ago

#2221 closed defect (fixed)

When using OpenSSL as TLS backend, close notify alert is not sent before closing the connection

Reported by: riza
Owned by: riza
Priority: normal
Milestone: release-2.10
Component: pjlib
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported: no

Description

Before closing a connection, a close notify alert must be sent to avoid a truncation attack, as stated in RFC 5246:

7.2.1.  Closure Alerts

   The client and the server must share knowledge that the connection is
   ending in order to avoid a truncation attack.  Either party may
   initiate the exchange of closing messages.

Currently, the close notify alert is not sent before the connection is closed.

Thanks to Peter Koletzki for the report.
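One way to check a capture for the behaviour described above, as an added example that is not part of the ticket or of pjlib's code: the hypothetical function `tls_classify_end` walks the TLS 1.2 record headers of one direction's reassembled TCP payload and reports whether the stream ended with an alert record, on a record boundary without one, or in the middle of a record. After the handshake the alert body is encrypted, so this shows only that an alert record came last, not that it was specifically close notify.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* How one direction of a captured TLS 1.2 byte stream ended. */
enum tls_end {
    TLS_END_ALERT,      /* last complete record was an alert (type 21) */
    TLS_END_NO_ALERT,   /* stopped on a record boundary, no closing alert */
    TLS_END_MID_RECORD, /* stopped inside a record: data was cut short */
    TLS_END_MALFORMED   /* bytes are not a TLS record stream */
};

/* Walk the 5-byte record headers (type, version, length) up to end of data. */
enum tls_end tls_classify_end(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    uint8_t last_type = 0;
    while (off < len) {
        if (len - off < 5)
            return TLS_END_MID_RECORD;
        uint8_t type = buf[off];
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        /* RFC 5246 content types 20..23, major version 3, length cap 2^14+2048 */
        if (type < 20 || type > 23 || buf[off + 1] != 3 || rec_len > 16384 + 2048)
            return TLS_END_MALFORMED;
        if (len - off - 5 < rec_len)
            return TLS_END_MID_RECORD;
        last_type = type;
        off += 5 + rec_len;
    }
    return last_type == 21 ? TLS_END_ALERT : TLS_END_NO_ALERT;
}

/* Constructed samples; record bodies are placeholder bytes, not real ciphertext. */
static const uint8_t sample_with_alert[] = {
    23, 3, 3, 0, 4, 0xde, 0xad, 0xbe, 0xef,   /* application_data, 4 bytes */
    21, 3, 3, 0, 2, 0x01, 0x00 };             /* alert, 2 bytes */
static const uint8_t sample_no_alert[] = {
    23, 3, 3, 0, 4, 0xde, 0xad, 0xbe, 0xef }; /* application_data, then EOF */
static const uint8_t sample_cut[] = {
    23, 3, 3, 0, 4, 0xde, 0xad };             /* header says 4, only 2 present */

int main(void)
{
    printf("%d %d %d\n",
           tls_classify_end(sample_with_alert, sizeof sample_with_alert),
           tls_classify_end(sample_no_alert, sizeof sample_no_alert),
           tls_classify_end(sample_cut, sizeof sample_cut));
    return 0;
}
```

A result of `TLS_END_NO_ALERT` on the sending side's stream matches the defect reported here; `TLS_END_MID_RECORD` indicates data lost below the TLS layer.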

Change History (1)

comment:1 Changed 5 years ago by riza

  • Owner set to riza
  • Resolution set to fixed
  • Status changed from new to closed

In 6054:

Fixed #2221: When using OpenSSL as TLS backend, close notify alert is not sent before closing the connection.
