Ticket #7362 (new Bug report)
Implement correct SSL shutdown on closing connection
| Reported by: | fabelkey | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Client |
| Keywords: | SSL shutdown | Cc: | |
| Operating system type: | Operating system version: |
Description
When using the Filezilla FTP client with explicit SSL/TLS, the connection to the FTP server is closed without regarding the SSL shutdown that is expected by servers implementing TLS.
Before closing the TCP connection, a correct TLS shutdown should be initiated.
Typical error in vsftp implmenting FTP/TLS:
[username] DEBUG: Client "IP", "Connection terminated without SSL shutdown - buggy client?"
Specification for closing TLS connections:
http://www.ietf.org/rfc/rfc2246.txt
7.2.1. Closure alerts
Correct Behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.
Change History
Note: See
TracTickets for help on using
tickets.
