Ticket #7362 (new Bug report)

Opened 3 years ago

Last modified 18 months ago

Implement correct SSL shutdown on closing connection

Reported by: fabelkey Owned by:
Priority: normal Component: FileZilla Client
Keywords: SSL shutdown Cc:
Operating system type: Operating system version:

Description

When using the Filezilla FTP client with explicit SSL/TLS, the connection to the FTP server is closed without regarding the SSL shutdown that is expected by servers implementing TLS.

Before closing the TCP connection, a correct TLS shutdown should be initiated.

Typical error in vsftp implmenting FTP/TLS:
[username] DEBUG: Client "IP", "Connection terminated without SSL shutdown - buggy client?"

Specification for closing TLS connections:

 http://www.ietf.org/rfc/rfc2246.txt
7.2.1. Closure alerts

Correct Behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.

Change History

Note: See TracTickets for help on using tickets.