You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is described in section [7.2.1. Closure alerts].
The client and the server must share knowledge that the connection is
ending in order to avoid a truncation attack. Either party may
initiate the exchange of closing messages.
close_notify
This message notifies the recipient that the sender will not send
any more messages on this connection. The session becomes
unresumable if any connection is terminated without proper
close_notify messages with level equal to warning.
Either party may initiate a close by sending a close_notify alert.
Any data received after a closure alert is ignored.
I have run with some TLS logging output enabled and we do send a main, SEND TLSv1.2 ALERT: warning, description = close_notify when closing the session. How did you conclude that we do not send a close_notify at all? Can you share some server logging output?
When Cyberduck FTP-SSL closes the FTP connection it doesn't first perform the
SSL shutdown that is expected by the FTP-SSL implementation.
Before closing the TCP connection, a correct TLS shutdown should be initiated.
Specification for closing TLS connections in RFC2246
Correct Behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.
The text was updated successfully, but these errors were encountered: