Implement correct SSL shutdown on closing connection
|Reported by:||Hendrik||Owned by:|
|Component version:||Operating system type:|
|Operating system version:|
When using the Filezilla FTP client with explicit SSL/TLS, the connection to the FTP server is closed without regarding the SSL shutdown that is expected by servers implementing TLS.
Before closing the TCP connection, a correct TLS shutdown should be initiated.
Typical error in vsftp implmenting FTP/TLS:
[username] DEBUG: Client "IP", "Connection terminated without SSL shutdown - buggy client?"
Specification for closing TLS connections:
7.2.1. Closure alerts
Correct Behaviour for shutdown is important to ensure TLS' resistance against truncation attacks.