Message386520
TLS 1.2 has one-way close notify. For example, typical HTTP clients like curl send a close_notify and then shut down the TCP connection. HTTP servers may not reply with close_notify or may not wait for the client to confirm the server-side close notify.
Python's ssl module does not support one-way close yet. It's an unfortunate limitation of the API that predates my involvement in the ssl module. The unwrap() method always performs a blocking two-way shutdown. unwrap() calls SSL_shutdown() twice to downgrade a TLS connection to a plain TCP connection. The unwrap() API also requires cooperation from both parties.
https://tools.ietf.org/html/rfc5246#section-7.2.1
https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html

Date | User | Action | Args
2021-02-05 10:08:33 | christian.heimes | set | recipients: + christian.heimes, fantix, asvetlov, Dima.Tisnek, yselivanov
2021-02-05 10:08:33 | christian.heimes | set | messageid: <1612519713.85.0.4029380971.issue39951@roundup.psfhosted.org>
2021-02-05 10:08:33 | christian.heimes | link | issue39951 messages
2021-02-05 10:08:33 | christian.heimes | create |
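The two-way shutdown described in the message above can be observed without sockets by driving two `ssl.SSLObject` instances over memory BIOs. This is an added example, not part of the original message or of CPython. The helper names are hypothetical, and the anonymous `AECDH-AES256-SHA` cipher at `@SECLEVEL=0` is a lab-only assumption (the local OpenSSL build must still offer it) used so that no certificate has to be embedded.

```python
import ssl

def flush(outgoing, peer_incoming):
    data = outgoing.read()                      # pending TLS records, if any
    if data:
        peer_incoming.write(data)
    return len(data)

def make_pair():
    """Handshake a client and a server SSLObject over memory BIOs (no sockets)."""
    sides = []
    for proto, is_server in ((ssl.PROTOCOL_TLS_CLIENT, False), (ssl.PROTOCOL_TLS_SERVER, True)):
        ctx = ssl.SSLContext(proto)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        # Assumption, lab only: unauthenticated ECDH so no certificate is needed.
        ctx.set_ciphers("AECDH-AES256-SHA:@SECLEVEL=0")
        incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
        sides.append((ctx.wrap_bio(incoming, outgoing, server_side=is_server), incoming, outgoing))
    pending = {0, 1}
    while pending:
        for i, (obj, _, outgoing) in enumerate(sides):
            try:
                obj.do_handshake()
                pending.discard(i)
            except ssl.SSLWantReadError:
                pass                            # needs more records from the peer
            flush(outgoing, sides[1 - i][1])
    return sides

def unwrap_blocked(obj):
    """True if unwrap() cannot finish because the peer's close_notify is missing."""
    try:
        obj.unwrap()
        return False
    except ssl.SSLWantReadError:
        return True

def shutdown_demo(server_replies):
    (client, c_in, c_out), (server, s_in, s_out) = make_pair()
    result = {"first_unwrap_blocked": unwrap_blocked(client)}
    result["alert_bytes"] = flush(c_out, s_in)  # the client's close_notify record
    result["server_read"] = server.read(1024)   # b"" means a clean close was seen
    if server_replies:
        server.unwrap()                         # sends the server's close_notify
        flush(s_out, c_in)
    result["second_unwrap_blocked"] = unwrap_blocked(client)
    return result
```

With `server_replies=False` the client's `unwrap()` never completes even though its own close_notify was already delivered, which is the one-way-close limitation the message describes.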