[Cyberduck-trac] [Cyberduck] #8766: Implement correct SSL shutdown on closing connection
Cyberduck
trac at trac.cyberduck.io
Mon Apr 27 08:36:49 UTC 2015
#8766: Implement correct SSL shutdown on closing connection
-----------------------------+-------------------------
Reporter: jankok | Owner: dkocher
Type: defect | Status: assigned
Priority: normal | Milestone: 4.8
Component: ftp-tls | Version: 4.7
Severity: normal | Resolution:
Keywords: rfc2246 ftp-ssl | Architecture: Intel
Platform: Mac OS X 10.10 |
-----------------------------+-------------------------
Comment (by dkocher):
This is described in section [7.2.1. Closure alerts].
{{{
The client and the server must share knowledge that the connection is
ending in order to avoid a truncation attack. Either party may
initiate the exchange of closing messages.
close_notify
This message notifies the recipient that the sender will not send
any more messages on this connection. The session becomes
unresumable if any connection is terminated without proper
close_notify messages with level equal to warning.
Either party may initiate a close by sending a close_notify alert.
Any data received after a closure alert is ignored.
}}}
--
Ticket URL: <https://trac.cyberduck.io/ticket/8766#comment:3>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list