This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes
Date 2021-04-09.14:13:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
OpenSSL 3.0.0 state machine handles unexpected EOFs more strict and requires peers to properly shut down connections. The old OpenSSL 1.1.1 behavior can be get back with SSL_OP_IGNORE_UNEXPECTED_EOF.

I propose to add the option by default until Python's ssl module has better ways to perform one-way shutdown of connections.

> Some TLS implementations do not send the mandatory close_notify alert on shutdown. If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received.

> You should only enable this option if the protocol running over TLS can detect a truncation attack itself, and that the application is checking for that truncation attack.
Date User Action Args
2021-04-09 14:13:11christian.heimessetrecipients: + christian.heimes
2021-04-09 14:13:11christian.heimessetmessageid: <>
2021-04-09 14:13:11christian.heimeslinkissue43794 messages
2021-04-09 14:13:11christian.heimescreate