Philip Linde linde.philip at gmail.com
Mon Nov 8 16:14:18 GMT 2021
- - - - - - - - - - - - - - - - - - -
Hi Stephane!
On Mon, 8 Nov 2021 16:18:11 +0100 Stephane Bortzmeyer <stephane at sources.org> wrote:
> On Mon, Nov 08, 2021 at 09:28:41AM -0500,
> Jason McBrayer <jmcbray at carcosa.net> wrote
> a message of 15 lines which said:
>
> > Please let me know if carcosa.net is among those.
>
> Indeed it is :-(
>
> % agunua carcosa.net
> Warning, no TLS shutdown received from the server
Very useful. I have not considered TLS in detail myself, but I tested this just now with the Go TLS implementation which does seem to send the proper notification as you call Close on connections. Good news for people writing server implementations in Go, I think.
I wonder how hard it would be to automatically identify server software that doesn't implement this properly. Probably some server software could be differentiated based on their error code descriptions or how they deal with some corner cases. If we could trace these capsules to a few server implementations it might not be too much work to reach out to the authors and poke at them about the spec change.
With the numbers you suggested earlier, I am wary of strictly enforcing close_notify in my client, but in the interim maybe client authors could warn as yours does, or provide some way to add domains to an exception list.
-- Philip
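
The interim client behaviour suggested in the message above (warn on a missing close_notify, with strict enforcement and a per-host exception list as options), written in Python as an added example that is not part of the original message or of any client named in it. The function names, the `legacy.example` host and the use of default CA verification in `fetch` are assumptions of the example.

```python
import socket
import ssl

# Constructed sample entry: hosts allowed to skip close_notify in strict mode.
CLOSE_NOTIFY_EXCEPTIONS = {"legacy.example"}

class TruncatedResponse(Exception):
    """The connection ended without a TLS close_notify alert."""

def read_until_close(tls_sock):
    """Read to end of stream and return (data, got_close_notify).

    tls_sock must be wrapped with suppress_ragged_eofs=False: a bare TCP
    close then raises ssl.SSLEOFError, while a proper close_notify makes
    recv() return b"". With the default (True) the two cases look the same.
    """
    chunks = []
    while True:
        try:
            chunk = tls_sock.recv(4096)
        except ssl.SSLEOFError:
            return b"".join(chunks), False   # peer closed without close_notify
        if not chunk:
            return b"".join(chunks), True    # clean TLS shutdown
        chunks.append(chunk)

def apply_policy(host, data, got_close_notify, strict=False,
                 exceptions=CLOSE_NOTIFY_EXCEPTIONS):
    """Return (data, warning or None); raise TruncatedResponse when strict."""
    if got_close_notify:
        return data, None
    if strict and host.lower() not in exceptions:
        raise TruncatedResponse(f"{host}: no TLS close_notify received")
    # Lenient mode, or an excepted host: keep the data but surface the problem,
    # since without close_notify the body may have been cut short.
    return data, f"Warning, no TLS shutdown received from {host}"

def fetch(host, path="/", port=1965, strict=False):
    """Fetch gemini://host/path (path is assumed to start with "/").

    Assumption: certificate trust is left at Python's default CA
    verification; Gemini clients usually pin certificates on first use.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host,
                             suppress_ragged_eofs=False) as tls:
            tls.sendall(f"gemini://{host}{path}\r\n".encode())
            data, clean = read_until_close(tls)
    return apply_policy(host, data, clean, strict)
```
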