Implement correct SSL shutdown on closing connection #8766

Closed
cyberduck opened this issue Apr 26, 2015 · 2 comments
Labels
bug ftp-tls FTP (TLS) Protocol Implementation worksforme

@cyberduck
Collaborator

48f9edb created the issue

When Cyberduck FTP-SSL closes the FTP connection it doesn't first perform the
SSL shutdown that is expected by the FTP-SSL implementation.

Before closing the TCP connection, a correct TLS shutdown should be initiated.

Specification for closing TLS connections in RFC2246

Correct behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.

@cyberduck
Collaborator Author

@dkocher commented

This is described in section [7.2.1. Closure alerts].

   The client and the server must share knowledge that the connection is
   ending in order to avoid a truncation attack. Either party may
   initiate the exchange of closing messages.

   close_notify
       This message notifies the recipient that the sender will not send
       any more messages on this connection. The session becomes
       unresumable if any connection is terminated without proper
       close_notify messages with level equal to warning.

   Either party may initiate a close by sending a close_notify alert.
   Any data received after a closure alert is ignored.
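
The receiver-side rule in the excerpt above, as an added example that is not part of the original thread or of Cyberduck's code: a reader accepts a stream as complete only if a close_notify alert precedes the end of the TCP connection. It assumes the records are seen after decryption; `record`, `read_until_closure`, `TruncationError` and the sample listing are constructed for illustration.

```python
import struct

ALERT, APPLICATION_DATA = 21, 23      # ContentType values (RFC 2246, 6.2.1)
WARNING, CLOSE_NOTIFY = 1, 0          # AlertLevel / AlertDescription (7.2)


class TruncationError(Exception):
    """The byte stream ended without a close_notify alert."""


def record(content_type, payload, version=(3, 1)):
    """Build one plaintext TLS record: type(1) version(2) length(2) fragment."""
    return struct.pack("!BBBH", content_type, *version, len(payload)) + payload


def read_until_closure(stream):
    """Return the application data received before close_notify.

    `stream` is every byte the peer sent before the TCP connection ended,
    viewed after decryption (an assumption of this example).
    """
    data, offset = b"", 0
    while offset < len(stream):
        header = stream[offset:offset + 5]
        if len(header) < 5:
            raise TruncationError("connection ended inside a record header")
        content_type, _major, _minor, length = struct.unpack("!BBBH", header)
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) < length:
            raise TruncationError("connection ended inside a record")
        offset += 5 + length
        if content_type == APPLICATION_DATA:
            data += fragment
        elif content_type == ALERT and len(fragment) == 2:
            level, description = fragment
            if description == CLOSE_NOTIFY:
                return data            # orderly end; later bytes are ignored
            if level != WARNING:
                raise ConnectionError(f"fatal alert {description}")
    raise TruncationError("TCP closed without close_notify")


# Constructed sample: two data records, then the closure alert.
LISTING = [record(APPLICATION_DATA, b"file-a\r\n"), record(APPLICATION_DATA, b"file-b\r\n")]
CLOSE = record(ALERT, bytes([WARNING, CLOSE_NOTIFY]))

if __name__ == "__main__":
    print(read_until_closure(b"".join(LISTING) + CLOSE))
```

Without the final alert the same bytes raise `TruncationError`, which is how a receiver tells a listing that was cut short from one that ended normally.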

@cyberduck
Collaborator Author

@dkocher commented

I have run with some TLS logging output enabled and we do send a `main, SEND TLSv1.2 ALERT: warning, description = close_notify` when closing the session. How did you conclude that we do not send a close_notify at all? Can you share some server logging output?

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021