Author christian.heimes
Recipients Dima.Tisnek, asvetlov, christian.heimes, fantix, yselivanov
Date 2021-02-05.10:08:33
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1612519713.85.0.4029380971.issue39951@roundup.psfhosted.org>
In-reply-to
Content
TLS 1.2 has one-way close notify. For example typical HTTP clients like curl send a close_notify and then shut down the TCP connection. HTTP servers may not reply with close_notify or may not wait for the client to confirm the server-side close notify.

Python's ssl module does not support one-way close yet. It's an unfortunate limitation of the API that predates my involvement in the ssl module. The unwrap() methods always performs a blocking two-way shutdown. unwrap() calls SSL_shutdown() twice to downgrade a TLS connection to a plain TCP connection. The unwrap() API also requires cooperation from both parties.

https://tools.ietf.org/html/rfc5246#section-7.2.1
https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html
History
Date User Action Args
2021-02-05 10:08:33christian.heimessetrecipients: + christian.heimes, fantix, asvetlov, Dima.Tisnek, yselivanov
2021-02-05 10:08:33christian.heimessetmessageid: <1612519713.85.0.4029380971.issue39951@roundup.psfhosted.org>
2021-02-05 10:08:33christian.heimeslinkissue39951 messages
2021-02-05 10:08:33christian.heimescreate