This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients alex, cheryl.sabella, christian.heimes, martin.panter, njs, vstinner
Date 2018-01-22.08:49:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Before we can disable ragged EOF handling, we first have to fix ssl.SSLSocket()'s shutdown behavior. It should support at least a proper unidirectional shutdown besides the slow bidirectional shutdown. It might even be a good idea to default to unidirectional shutdown. Curl does it,

I wrote this in a mail to Cory about PEP 543 two weeks ago:

Now to the nasty session and shutdown issue. I discovered it just a
couple of weeks ago.

We have to revisit TLS socket shutdown in order to make TLS session
resumption work. OpenSSL discards and invalidates sessions when a SSL
socket isn't properly shut down, e.g. hard-close I/O layer. Simply
speaking OpenSSL has four shutdown modes: bidirectional, unidirection,
quiet, and hard. Python's ssl module supports slow bidirectional mode
and hard mode.

* In bidirectional mode, both parties send a "close notify" alert and
wait for confirmation.
* Unidirectional means that one party just sends a "close notify" alert
and then closes the connection. It doesn't wait for ACK.
* Quiet shutdown doesn't send anything. It merely sets some internal
flags to mark the connection as closed and session as valid
* What I call 'hard mode' just kills the I/O layer and frees the SSL*.
Sessions are marked as invalid because OpenSSL rightly assumes that
something went wrong and the session cannot be reused safely.

We need an API to perform some sort of shutdown on __exit__(None, None,
None) / close().
Date User Action Args
2018-01-22 08:49:15christian.heimessetrecipients: + christian.heimes, vstinner, alex, njs, martin.panter, cheryl.sabella
2018-01-22 08:49:15christian.heimessetmessageid: <>
2018-01-22 08:49:15christian.heimeslinkissue27815 messages
2018-01-22 08:49:14christian.heimescreate